Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Timechart automatic high resize

ea7777777
New Member
‎10-02-2019 10:11 AM

Hi,
I've got a timechart with different columns (depending on the search). If I don't get many columns, the high of the timechart is enough. If I get many columns results, the timechart high is not enough and all will be pressed together.

So I tried to change the high automatically by the column results, but I don't know how to get the correct column results on the "XXXXXXX". $job.resultCount$ is not correct, because it gives me the row results.

Someone an Idea?

            <search>
              <query>Linie=$Token_Linie$  Antyp=$Token_Antyp$  
              | eval combined_field= Linie + " " + Antyp 
              | eventstats count as "totalCount" by An 
              | timechart  count(totalCount) BY combined_field
              </query>
              <earliest>$Token_IO_NIO_Zeit.earliest$</earliest>
              <latest>$Token_IO_NIO_Zeit.latest$</latest>
              <done>
                   <eval token="tokPanelHeight2">100*$XXXXXXX$</eval>
             </done>     
            </search>
            <option name="height">$tokPanelHeight2$</option>

alt text

Thx a lot!!!!!

Preview file
33 KB
0 Karma
Reply

woodcock
Esteemed Legend
‎10-02-2019 06:06 PM

I would not do it this way. I would instead use the format tool to change the Y-axis from linear to log.

0 Karma
Reply

ea7777777
New Member
‎10-04-2019 04:21 AM

No, that solves not my problem.

My problem ist, if my result shows only one column the display is ok. But if I get more as result the chart get´s pressed together. To rise only the high parameter is also not good, because than the timechart is for one column result to big and for ten column result to small. I need an autoresize of the timechart high....

Good display of one result.
alt text

Bad display example of 4 results.
alt text

Preview file
33 KB
Preview file
30 KB
0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...