Splunk Search

Zoom with second dashboard not working

tydyg
Explorer

I am performing a sentiment analysis on RSS feeds over time and want to make a timechart zoom capability in my dashboard. Currently I cannot get this to work. I want the zoom to display in another chart. My first chart looks like this:

    <title>Sentiment Over Time</title>
    <searchString>index = rss_2  | dedup link  | sentiment imdb title | timechart avg(sentiment)</searchString>
    <earliestTime>0</earliestTime>
    <latestTime>now</latestTime>
    <selection>
      <set token="selection_earliest">$start$</set>
      <set token="selection_latest">$end$</set>
      <set token="start_splunk_web_access">$start.avg(sentiment)$</set>
      <set token="end_splunk_web_access">$end.avg(sentiment)$</set>
    </selection>

My second chart looks like this:

  <chart>
    <title>Zoom in Sentiment Visual</title>
    <search>
      <query>index = rss_2 | dedup link | sentiment imdb title | timechart avg(sentiment)</query>
      <earliest>$selection_earliest$</earliest>
      <latest>$selection_latest$</latest>
    </search>
  </chart>

My goal is to be able to zoom in on a specific time frame and view the individual titles of the RSS feeds so that the user can see which titles are generating low or high sentiment quickly without having to execute any further search strings.

I have tried drilldown capability in the dashboard and can't get that to work as I want it to either.

Any help is much appreciated, as I've been developing this APP for almost 4 months.

0 Karma

bjoernjensen
Contributor

Hi,

I think your approach is based mostly on the "Pan and zoom chart controls" (Link). This should basically work. The one thing that will be "disabled" when using another chart is the visual zoom itself. You will find yourself with a picked range within that chart.

My current test looks like the code below.

What exactly isn't working?

All the best,
Björn

    <dashboard>
      <label>Test</label>
      <row>
        <panel>
          <chart>
            <search>
              <query>index=_internal | timechart span=5m avg(timestartpos) as timestartpos avg(timeendpos) as timeendpos</query>
              <earliest>-1d@d</earliest>
              <latest>@d</latest>
            </search>
            <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
            ...
            <option name="charting.legend.placement">right</option>
            <selection>
              <set token="selection_earliest">$start$</set>
              <set token="selection_latest">$end$</set>
              <set token="start_data1">$start.timestartpos$</set>
              <set token="end_data1">$end.timestartpos$</set>
              <set token="start_data2">$start.timeendpos$</set>
              <set token="end_data2">$end.timeendpos$</set>
            </selection>
          </chart>
        </panel>
      </row>
      <row>
        <panel>          
          <table>            
            <search>
              <query>index=_internal | table _time timestartpos timeendpos | untable _time name data | stats min(data) avg(data) max(data) by name</query>
              <earliest>$selection_earliest$</earliest>
              <latest>$selection_latest$</latest>
            </search>
          </table>
        </panel>
        <panel>          
          <html>
            <h3>Token values for the selection</h3>
            <table border="0" cellpadding="12" cellspacing="0">
              <tr>
                <td>
                  <p><b>Time range (epoch time)</b></p>
                  <p><b>$$selection_earliest$$</b>: $selection_earliest$<br/>
                  <b>$$selection_latest$$</b>: $selection_latest$</p>
                </td>
                <td>
                  <p><b>Count at the beginning and end of time range.</b></p>
                  <p><b>$$start_data1$$</b>: $start_data1$<br/>
                  <b>$$end_data1$$</b>: $end_data1$</p>
                </td>
                <td>
                  <p><b>Count at the beginning and end of time range.</b></p>
                  <p><b>$$start_data2$$</b>: $start_data2$<br/>
                  <b>$$end_data2$$</b>: $end_data2$</p>
                </td>
              </tr>
            </table>
          </html>
        </panel>  
      </row>
    </dashboard>
0 Karma

juvetm
Communicator

    <chart>
      <title>Pan and Zoom (All source types)</title>
      <searchString>
        index=_internal | timechart count by sourcetype
      </searchString>
      <earliestTime>-7d@h</earliestTime>
      <latestTime>now</latestTime>
      . . .
      <selection>
        <set token="selection.earliest">$start$</set>
        <set token="selection.latest">$end$</set>
        <set token="start.splunk_web_access">$start.splunk_web_access$</set>
        <set token="end.splunk_web_access">$end.splunk_web_access$</set>
      </selection>
    </chart>
    <chart>
      <title>Pan and Zoom (Web access source type)</title>
      <searchString>
        index=_internal sourcetype=splunk_web_access
        | timechart count by sourcetype
      </searchString>
      <earliestTime>$selection.earliest$</earliestTime>
      <latestTime>$selection.latest$</latestTime>
      . . .
    </chart>

I think this example can help you. Try to use this code and manage with your request. Thanks.

0 Karma

tydyg
Explorer

This code is what I used to develop what I have above. I still can't get this to work. I would ideally like to just develop a drilldown but I can't get that to work either.

0 Karma
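
The goal stated in the question (drag a range on the sentiment timechart, then list the individual titles inside it) written in the `<search>` / `<selection>` style of Björn's test dashboard, as an added example that is not part of any post in this thread. It assumes the `rss_2` index, the `link` and `title` fields and the `sentiment` command from the question; the `avg_sentiment` alias and the `start_avg_sentiment` / `end_avg_sentiment` token names are made up for illustration.

```xml
<!-- Added example, not from the thread. Index, fields and the sentiment
     command are taken from the question; alias and token names are assumed. -->
<dashboard>
  <label>Sentiment zoom (example)</label>
  <row>
    <panel>
      <chart>
        <title>Sentiment Over Time</title>
        <search>
          <!-- Alias the aggregate so the series has a plain field name,
               as Björn's test does with "as timestartpos" -->
          <query>index=rss_2 | dedup link | sentiment imdb title | timechart avg(sentiment) as avg_sentiment</query>
          <earliest>0</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">line</option>
        <selection>
          <!-- $start$ and $end$ are the epoch bounds of the dragged range -->
          <set token="selection_earliest">$start$</set>
          <set token="selection_latest">$end$</set>
          <!-- Series value at each edge of the selection -->
          <set token="start_avg_sentiment">$start.avg_sentiment$</set>
          <set token="end_avg_sentiment">$end.avg_sentiment$</set>
        </selection>
      </chart>
    </panel>
  </row>
  <row>
    <!-- depends keeps this panel hidden until both tokens have been set -->
    <panel depends="$selection_earliest$,$selection_latest$">
      <table>
        <title>Titles in selected range (avg at start: $start_avg_sentiment$, at end: $end_avg_sentiment$)</title>
        <search>
          <!-- Same base search, one row per feed item instead of a timechart;
               ascending sort puts the lowest-sentiment titles first -->
          <query>index=rss_2 | dedup link | sentiment imdb title | table _time title sentiment | sort sentiment</query>
          <earliest>$selection_earliest$</earliest>
          <latest>$selection_latest$</latest>
        </search>
        <option name="count">20</option>
      </table>
    </panel>
  </row>
</dashboard>
```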