Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Problem with Stacked Area Chart

blurblebot
Communicator
‎10-26-2010 05:45 PM

I have a stacked area chart set up with advanced XML that is giving me an issue with mouseovers. The displayed chart, when moused over, highlights the entire distance from the top line to the X-axis, regardless of what section of the area chart my mouse is over.

With simplified XML charts, only the section of the area chart your mouse is over is highlighted, and I'd like to recreate that functionality in advanced XML.

With my particular chart, I have an area chart of Inbound, Outbound, and Internal sessions over time. Outbound is positioned as the top section of area chart, and whether I'm mousing over Internal or Inbound sections, only the Outbound data is displayed in the mouse-over's pop-up.

Below is my XML for reference.

    <module name="HiddenSearch" layoutPanel="panel_row1_col1" group="TCP Sessions by Direction" autoRun="False">
    <param name="search">`tcp-end` | timechart count(inst) by dir | rename inb AS Inbound | rename outb AS Outbound | rename int AS Internal| fields - ext</param>
    <param name="groupLabel">Session Counts</param>
    <module name="ViewstateAdapter">
      <module name="HiddenFieldPicker">
        <param name="strictMode">True</param>
        <module name="JobProgressIndicator">
          <module name="EnablePreview">
            <param name="enable">True</param>
            <param name="display">False</param>
            <module name="HiddenChartFormatter">
              <param name="charting.primaryAxisTitle.text">Timeline</param>
              <param name="charting.secondaryAxisTitle.text">Count</param>
              <param name="charting.legend.placement">left</param>
              <param name="charting.chart">area</param>
              <module name="FlashChart">
                <param name="width">100%</param>
                <module name="ConvertToDrilldownSearch">
                  <module name="ViewRedirector">
                    <param name="viewTarget">flashtimeline</param>
                  </module>
                </module>
              </module>
              <module name="ViewRedirectorLink">
                <param name="viewTarget">flashtimeline</param>
              </module>
            </module>
          </module>
        </module>
      </module>
    </module>
  </module>
Tags (1)
0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎10-26-2010 09:34 PM

You are not actually using the stacked config for this guy, so it's just going with the normal 'unstacked' behavior of area charts.

Add this into your HiddenChartFormatter and you'll be fine. 

<param name="charting.chart.stackMode">stacked</param>

As a side note you can remove the ViewStateAdapter and HiddenFieldPicker modules entirely. Those are cruft that get carried over from the simplified XML. Once in a while they do something useful but in this case they are doing nothing besides making the view harder to read. The simplified XML also does a number of other odd things like littering the view with 'groupLabel' params (which are meaningless), using unnecessary indentation in several places, and having autoRun="False" (False is the default so there's no need to specify it)

Here's a cleaned up version. 

<module name="HiddenSearch" layoutPanel="panel_row1_col1" group="TCP Sessions by Direction">
    <param name="search">`tcp-end` | timechart count(inst) by dir | rename inb AS Inbound | rename outb AS Outbound | rename int AS Internal| fields - ext</param>

    <module name="JobProgressIndicator"></module>

    <module name="EnablePreview">
        <param name="enable">True</param>
        <param name="display">False</param>
    </module>

    <module name="HiddenChartFormatter">
      <param name="charting.primaryAxisTitle.text">Timeline</param>
      <param name="charting.secondaryAxisTitle.text">Count</param>
      <param name="charting.legend.placement">left</param>
      <param name="charting.chart">area</param>
      <param name="charting.chart.stackMode">stacked</param>
      <module name="FlashChart">
        <param name="width">100%</param>
        <module name="ConvertToDrilldownSearch">
          <module name="ViewRedirector">
            <param name="viewTarget">flashtimeline</param>
          </module>
        </module>
      </module>
    </module>
    <module name="ViewRedirectorLink">
        <param name="viewTarget">flashtimeline</param>
    </module>
</module>
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...