Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk dashboard single value trendinterval time as dynamic

splunkkid
Path Finder
‎03-07-2021 08:57 PM

Hello,

 

I' m currently working on how to make dashboard with our Server's VM Count logs.

Our logs are being collected as daily basis, I'm trying to show the count trend using trellis by data center.

 

The command are like below.

host=[HOST] index=[INDEX] sourcetype=[SRC_TYPE] source=[SRC]
| timechart limit=0 span=1d sum(vm.count) as VM by center

 

If I make single value trellis viz with above command, I found the difference of VM count is only shown as daily basis. Like the pic attached.

 

I want to make trendinterval option value to dynamically change if I click time picker to change time range.

Like, If I change time range to Last 90days, then showing me the difference between today and 90days ago.

 

How could I make it so?

 

Thank you.

Labels (1)
Labels
Tags (1)
Preview file
9 KB
0 Karma
Reply

tscroggins
Champion
‎03-13-2021 11:57 AM

@splunkkid 

Here's an example that works for me:

 

index=_internal sourcetype=splunkd source=*/splunkd.log* earliest=-90d
| timechart limit=0 span=1d useother=f count by component

 

 

splunkkid_single_item_format.png

 

splunkkid_single_item_trellis.png

 

splunkkid_single_item_trellis_output.png

 

 

By default, it compares the two most recent values (today and yesterday). Is your "Compared to" option set correctly?

splunkkid_single_item_format_90days.png

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...