Solved: Value to the right of the y-axis

epacke · ‎01-02-2015

Dear experts!
Happy new year to you all. 🙂

Got a strange thing when I am creating a timechart in Splunk in the panel of one of my dashboards. One of the values are shown to the left of the y-axis.

http://i.imgur.com/NLO10Jx.png

When I run the search manually I don't get the same visual result:

index="webfront" sourcetype="iis_w3c_min" host=BMA-WEB* (time_taken>16000 OR sc_status=500)  s_port=40*  (c_ip=1.1.1.1 OR c_ip=2.2.2.2) | timechart count by s_port

The panel is a default timechart panel:

<panel>
      <chart>
        <search>
          <query>index="webfront" sourcetype="iis_w3c_min" host=BMA-WEB* (time_taken>16000 OR sc_status=500) $siteiis$ (c_ip=1.1.1.1 OR c_ip=2.2.2.2) | timechart count by s_port</query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
      </chart>
    </panel>

Thankful for any help!

acharlieh · ‎01-03-2015

What I think is happening is Splunk is attempting to pick and display a label for the Y-Axis. You probably want to specify some options for customizing how the results are displayed (there are a lot of options available). For reference to the XML: http://docs.splunk.com/Documentation/Splunk/6.2.1/Viz/ChartConfigurationReference

In this particular case to hide the Y axis title:

<panel>
   <chart>
     <search>
       <query>index="webfront" sourcetype="iis_w3c_min" host=BMA-WEB* (time_taken>16000 OR sc_status=500) $siteiis$ (c_ip=1.1.1.1 OR c_ip=2.2.2.2) | timechart count by s_port</query>
       <earliest>$time_tok.earliest$</earliest>
       <latest>$time_tok.latest$</latest>
     </search>
    <option name="charting.axisTitleY.visibility">collapsed</option>
   </chart>
 </panel>

Or instead if you want a custom label you could set charting.axisTitleY.text to the text you want displayed.

Additionally if you're building this dashboard in SplunkWeb there are some UI based editors that can help you set many of the charting options: http://docs.splunk.com/Documentation/Splunk/6.2.1/Viz/Editdashboardpanelvisualizations

View solution in original post

acharlieh · ‎01-03-2015

What I think is happening is Splunk is attempting to pick and display a label for the Y-Axis. You probably want to specify some options for customizing how the results are displayed (there are a lot of options available). For reference to the XML: http://docs.splunk.com/Documentation/Splunk/6.2.1/Viz/ChartConfigurationReference

In this particular case to hide the Y axis title:

<panel>
   <chart>
     <search>
       <query>index="webfront" sourcetype="iis_w3c_min" host=BMA-WEB* (time_taken>16000 OR sc_status=500) $siteiis$ (c_ip=1.1.1.1 OR c_ip=2.2.2.2) | timechart count by s_port</query>
       <earliest>$time_tok.earliest$</earliest>
       <latest>$time_tok.latest$</latest>
     </search>
    <option name="charting.axisTitleY.visibility">collapsed</option>
   </chart>
 </panel>

Or instead if you want a custom label you could set charting.axisTitleY.text to the text you want displayed.

Additionally if you're building this dashboard in SplunkWeb there are some UI based editors that can help you set many of the charting options: http://docs.splunk.com/Documentation/Splunk/6.2.1/Viz/Editdashboardpanelvisualizations

epacke · ‎01-05-2015

I solved it by moving the legend to the bottom. Needed to do that anyway to align the graphs.
Thanks for your help!

/Patrik

Value to the right of the y-axis

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Value to the right of the y-axis

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem