Timechart not displaying for some selections despi...

jaffar20 · ‎09-23-2019

I have a timechart dependent on a dropdown at the top of the dashboard that selects the customer to show the results for. One customer makes the timechart go invisible when they are selected but when I open it in search or even in edit, it shows fine, so I know it is gathering results. This doesn't happen when other customers are selected, it's just this one so I can't figure out why it's happening.

I do have some formatting on it through XML but can't see why this is happening with this customer but not others.

Here is the XML for the panel:

 <panel>
       <title>eRMI score progress</title>
      <chart>
        <search>
          <query>index=ermi  IncludesUnitList=0 AggregateERMIScore=*
|rename a_customer_code as eRMI_code
|join type=left eRMI_code [|inputlookup master_lookup.csv]
| eval t=if(CSA_name="$toktrust$","Selected Trust","Other")  | timechart mean(AggregateERMIScore) AS ERMIScore span=1w by t
|rename "Selected Trust" as "$toktrust$", "Other" as "UK/Ireland average"</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">collapsed</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">connect</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">top</option>
        <option name="charting.axisTitleY.text">eRMI Score</option>
        <option name="height">300</option>
        <option name="charting.fieldColors">{"$toktrust$":#11a88b, "UK/Ireland average":#ea9600}</option>
            </chart>
    </panel>

gcusello · ‎09-23-2019

Hi jaffar20,
at first, you don't need of join command for lookups, you can use the lookup command
index=ermi IncludesUnitList=0 AggregateERMIScore=*
| rename a_customer_code as eRMI_code
| lookup master_lookup.csv eRMI_code OUTPUT
| eval t=if(CSA_name="$toktrust$","Selected Trust","Other")

| timechart mean(AggregateERMIScore) AS ERMIScore span=1w by t
| rename "Selected Trust" as "$toktrust$", "Other" as "UK/Ireland average"
Then, try to reduce the time period and change the span, I think that the problem could be related to the number of results.

Bye.
Giuseppe

jaffar20 · ‎09-23-2019

I made the changes you suggested but it still isn't working. I've realised it does show when I go to edit it, but not once I've saved it

Timechart not displaying for some selections despite having results. It's invisible for some reason, but shows when it edit mode

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!