Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk dashboard single value trendinterval time as dynamic

splunkkid
Path Finder
‎03-07-2021 08:57 PM

Hello,

 

I' m currently working on how to make dashboard with our Server's VM Count logs.

Our logs are being collected as daily basis, I'm trying to show the count trend using trellis by data center.

 

The command are like below.

host=[HOST] index=[INDEX] sourcetype=[SRC_TYPE] source=[SRC]
| timechart limit=0 span=1d sum(vm.count) as VM by center

 

If I make single value trellis viz with above command, I found the difference of VM count is only shown as daily basis. Like the pic attached.

 

I want to make trendinterval option value to dynamically change if I click time picker to change time range.

Like, If I change time range to Last 90days, then showing me the difference between today and 90days ago.

 

How could I make it so?

 

Thank you.

Labels (1)
Labels
Tags (1)
Preview file
9 KB
0 Karma
Reply

tscroggins
Champion
‎03-13-2021 11:57 AM

@splunkkid 

Here's an example that works for me:

 

index=_internal sourcetype=splunkd source=*/splunkd.log* earliest=-90d
| timechart limit=0 span=1d useother=f count by component

 

 

splunkkid_single_item_format.png

 

splunkkid_single_item_trellis.png

 

splunkkid_single_item_trellis_output.png

 

 

By default, it compares the two most recent values (today and yesterday). Is your "Compared to" option set correctly?

splunkkid_single_item_format_90days.png

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...