Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Passing checkbox values to timechart

vaishnavi07
Explorer
‎05-14-2014 12:19 AM

Hi i am using checkboxes module with sideview. I have to pass the values that i select in checkbox drand display graph for that. If i select "%_Processor_Time" then i should get graph displaying avg(%_Processor_Time). If i select two option like %_Processor_Time and %_DPC_Time then graph should get displayed for both.

For now the the query is getting passed like this.

search index=winserver_perf sourcetype="PerfmonMk:Processor" host="adwas1701" | timechart avg(Avg(%_Processor_Time))

If i select two option in checkbox then query looks like this.

index=winserver_perf sourcetype="PerfmonMk:Processor" host="adwas1701" | timechart avg(Avg(%_Processor_Time),Avg(%_DPC_Time))

There are two avg's getting passed in query. I dunno how to remove that. 

                  <module name="Checkboxes" layoutPanel="panel_row2_col2">
        <param name="name">column</param>
        <param name="valueField">column</param>
        <param name="labelField">label</param>
        <param name="separator">,</param> 
        <param name="template">Avg($value$)</param>
        <param name="outerTemplate">$value$</param>  


                <module name="Search" layoutPanel="panel_row2_col1" autoRun="False">
                  <param name="search"> index=winserver_perf sourcetype="PerfmonMk:$sourcetype$" host="$host$"  | timechart avg($column$) </param>
                  <module name="JobProgressIndicator" /> 
                 <module name="ValueSetter" >

right
line
Time

$statistic$($column$)
$host$ : $sourcetype$ : $column$

connect

300px
100%



Can anyone please help me in finding out what is the mistake in the above code? Thanks in advance!

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎05-14-2014 02:27 AM

Remove the avg() around your $column$ in the search.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎05-14-2014 02:59 PM

As it is now, you have two avg() wrapped inside each other. One is here:

... | timechart avg($column$)

And the other is here:

<param name="template">Avg($value$)</param>

Resulting in this:

| timechart avg(Avg(%_Processor_Time),Avg(%_DPC_Time))

What you want is this:

... | timechart $column$

and this:

<param name="template">avg($value$)</param>

Resulting in this:

| timechart avg(%_Processor_Time),avg(%_DPC_Time)
0 Karma
Reply

vaishnavi07
Explorer
‎05-14-2014 03:20 AM

If i remove the Avg() then its showing error as func() is needed for timechart.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...