×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
hchang
New Member
Member since: ‎12-02-2016
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-02-2016
View All

How to edit my search to incorporate a sparkline b...

by in Dashboards & Visualizations
‎12-02-2016 06:16 AM
‎12-02-2016 06:16 AM
Hi, I have some data like below, and I am trying to make a weekly summary. index week machine num_of_alert usage wk_44 host1 0 usage wk_44 host2 0 usage wk_45 host1 10 usage wk_45 host2 2 usage wk_46 host1 0 usage wk_46 host2 1 The format of the weekly summary is like below. Basically I just wanna show the number of alerts for the last week and a column that shows the trend (total alerts of each week) for each week. index sparkline total_alert usage -----/ \------- 1 I tried the following search and I was hoping the Splunk can make a sparkline based on three values (wk44: 0, wk45: 12, wk46: 1) so that when I review the data for the most recent week, I can also see the history trend, unfortunately the sparkline doesn't work as I expected (spike in the middle). In the beginning I tried sparkline(ttl_alert) , it doesn't work either. | stats sum(num_of_alert) AS ttl_alert by index week | stats sparkline(sum(ttl_alert)) last(ttl_alert) by index Can anyone advise how to make this work? Thanks, Frank ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM