Solved: TimeChart Display query result in text format

smahuja · ‎06-25-2020

Hello,

I have a timechart with multiple fields, I want to append existing query or add new query to display one field as a text in graph.

Example:

I am having above graph, want to display text (field) from search query at the two purple circles .

Thanks,

rnowitzki · ‎06-26-2020

Hello @smahuja ,

Not sure what you exactly mean.

If the filename/objectname is in the results of your annotation search, you can display it as the text of the Annotation.

| eval annotation_label = <field>

Is that what you need?

--
Karma and/or Solution tagging appreciated.

View solution in original post

rnowitzki · ‎06-26-2020

Hi @smahuja ,

Should the text also be alligned to some time on the chart?

If I understood your request correct, you could work with Event Annotation.
https://docs.splunk.com/Documentation/Splunk/latest/Viz/ChartEventAnnotations

You have to edit the Dashboards XML as described in the Documentation.

Hope this helps.

Ralph

--
Karma and/or Solution tagging appreciated.

smahuja · ‎06-26-2020

Hello rnowitzki

Thanks for your reply, although I was looking for a proper string like fileName/objectName. If you know anything like that, please let me know otherwise I find this also helpful.

Thanks,

rnowitzki · ‎06-26-2020

Hello @smahuja ,

Not sure what you exactly mean.

If the filename/objectname is in the results of your annotation search, you can display it as the text of the Annotation.

| eval annotation_label = <field>

Is that what you need?

--
Karma and/or Solution tagging appreciated.

TimeChart Display query result in text format

chart

field extraction

fields

join

subsearch

table

timechart

transaction

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes