I'm looking to create a dynamic chart from a summary index, but I'm not sure how to go about it. Basically, I need to create a report of meetings hosted by a number of business units over 13 months. Obviously, I don't want to run that search every time. There are two challenges. First, the BUs change from time to time. So, I really don't want to hardcode them into the search. Second, the only method I can see is to do a timechart max(BU_1), max(BU_2), max(BU_3). I'd like Splunk to just pick this up automatically during the search.
I have added to the summary index the values for each BU per month. Basically, the search stores the data in the summary as BU_1=xxxxx BU_2=yyyyy BU_3=zzzzz, etc. Can someone suggest a method to get this data into a chart, without hardcoding the Business Units into the search?