Hello,
I am trying to use the custom Splunk visualisation.
I have formatted my search as the following:
index=my_index my_search
| timechart span=30s sum(qty) as "Qty"
However, when trying to apply the timeline visualization, each qty is displayed on its own row instead of a single row with each 30s sum shown.
Each one of the blue circles represents a qty.
Bad example of what is currently happening
Below is what I am trying to achieve: each 30s bin shows a blue event circle, and on mouseover it shows the sum of qty in that bin.
Good example
Below is the format of my data:
_time                qty
2023-03-23 09:46:00  80
2023-03-23 09:46:30  85
2023-03-23 09:47:00  180
2023-03-23 09:47:30  276
2023-03-23 09:48:00  120
2023-03-23 09:48:30  390
2023-03-23 09:49:00  411
2023-03-23 09:49:30  125
2023-03-23 09:50:00  173
2023-03-23 09:50:30  40
2023-03-23 09:51:00  314
Thank you for any help.
Ultimately I want to see different fields on each row: this one will be qty, the next will be rating, etc.