Hi, I agree. I moved to studio because someone recommended me:https://community.splunk.com/t5/Dashboards-Visualizations/How-to-improve-the-filter-input/m-p/668513#M54700 I have already converted the dashboard and created a much more impressive visualization so i prefer to stay with the studio version but i have a problem because tabs are not supported. Do you know about a workaround solution?  thanks ... View more

i also want to know how to increase all labels and title in bar chart (dashboard studio) ... View more

nice idea the conversation doesn't really works but it's a nice direction! Anyway, the filter doesn't work. the error (studio) :"Cannot convert undefined or null to object" code: {     "options": {         "items": [             {                 "label": "All",                 "value": "*"             }         ],         "defaultValue": "*",         "token": "WinTimeStamp"     },     "title": "Multiselect Input Title",     "type": "input.multiselect",     "dataSources": {         "primary": "ds_ICA_General"     } } classic studio code: <input type="multiselect" token="WinTimeStamp" searchWhenChanged="true"> <label>Time</label> <choice value="%">All</choice> <default>%</default> <prefix>(</prefix> <suffix>)</suffix> <valuePrefix>(WinTimeStamp like("</valuePrefix> <valueSuffix>"))</valueSuffix> <delimiter> OR </delimiter> <fieldForLabel>WinTimeStamp</fieldForLabel> <fieldForValue>WinTimeStamp</fieldForValue> <search base="ICA_General"> <query>  | stats values(WinTimeStamp) as WinTimeStamp_ | sort WinTimeStamp_</query> </search> </input> ... View more

how can i convert classic dashboard type to studio?  ... View more

how to change my code to something like the filter in the image?  https://docs.splunk.com/Documentation/Splunk/9.1.1/DashStudio/inputMulti ... View more

i added: | xyseries CT,foo,countE  to my query i think its ok 🙂 ... View more

Thanks but how to present that in a bar chart? (to add foo to my bar chart). I can present that only in a table | stats sum(CountEvents) by CT | rename "sum(CountEvents)" as "countE" | eventstats sum(countE) as Total | eval perc=round(countE*100/Total,2) | eval foo = countE . "(" . perc ."%" .")" | fields - Total perc ... View more

Can we show them in one row? for example:  223,229 (45%) it will look much better ... View more

Hi thanks not soo petty, but good enough as a workaround Do you know how can I add "%" to each value? current query: | stats sum(CountEvents) by CT | rename "sum(CountEvents)" as "CountEvents" | eventstats sum(CountEvents) as Total | eval percentages%=round(CountEvents*100/Total,2) | fields - Total ... View more

Ok i understand, so what do you recommend me to do in my case to improve the performance? It takes too long time to load and run queries.. And how can I extract all the original fields from the index? in case I execute the report without aggregation (without stats) to pull data from index : index=summary source="SummaryIndex_Main" | table *   ... View more

Hi , First query: I get the results. The error still exists but I get the data. The problem is that I need to extract the original fields, not sure that I get all of them i will check. in addition, it takes time to extract and i thought that the summary index supposes to improve the performance. Second query: The query stopped and the errors are: "DAG Execution Exception: Search has been canceled  Search auto-canceled Events might not be returned in sub-second order due to search memory limits. See search.log for more information. Increase the value of the following limits.conf setting:[search]:max_rawsize_perchunk.The search job has failed due to an error. You may be able view the job in the" thanks! ... View more

But I have a problem extracting data from the index not writing to the index.  (when I created the index I schedule a daily job on a range of 24  hours (data of 1.8, 2.8,..,6.8 separately). Now I need to use the data that was collected in the index and present data of 30 days ... View more