Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About macfredough
macfredough
Explorer
Member since:
08-15-2023
08-22-2023
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 1 |
| Member Since | 08-15-2023 |
Activity Feed
- Got Karma for Re: How to generate timechart with hue?. 08-21-2023 03:25 PM
- Posted Re: How to generate timechart with hue? on Dashboards & Visualizations. 08-21-2023 12:27 PM
- Posted Re: How to generate timechart with hue? on Dashboards & Visualizations. 08-17-2023 11:41 AM
- Karma Re: How to generate timechart with hue? for bowesmana. 08-17-2023 11:41 AM
- Posted How to generate timechart with hue? on Dashboards & Visualizations. 08-16-2023 03:48 PM
- Posted Re: How to create multiple Values for Static Option on Multiselect field? on Dashboards & Visualizations. 08-16-2023 03:45 PM
- Karma Re: How to create multiple Values for Static Option on Multiselect field? for bowesmana. 08-16-2023 03:45 PM
- Karma Re: How to create multiple Values for Static Option on Multiselect field? for bowesmana. 08-16-2023 03:45 PM
- Posted Re: How to create multiple Values for Static Option on Multiselect field? on Dashboards & Visualizations. 08-16-2023 10:12 AM
- Posted How to create multiple Values for Static Option on Multiselect field? on Dashboards & Visualizations. 08-15-2023 02:41 PM
- Tagged How to create multiple Values for Static Option on Multiselect field? on Dashboards & Visualizations. 08-15-2023 02:41 PM
- Tagged How to create multiple Values for Static Option on Multiselect field? on Dashboards & Visualizations. 08-15-2023 02:41 PM
Topics I've Started
08-21-2023
12:27 PM
1 Karma
Not sure what happened, but logged in over the weekend and somehow I have what I want lol. Was getting frustrated on Thursday and have up but must have done something right. Here is the code... and image of graph and table. Thanks for all your help!!! |inputlookup $lookupToken$
|where _time <= $tokLatestTime$
|where _time >= $tokEarliestTime$
|search $lab_token$
|search $analyte_token$
|search $location_token$
|sort _time desc
|fieldformat _time=strftime(_time, "%Y-%m-%d")
|table Analyte, _time, Results
|timechart span=1d max(Results) by Analyte
|eval Results=null()
... View more
08-17-2023
11:41 AM
Thanks for your help and the suggestion group search statements in single command that is very useful. I followed your suggestion and still am not getting a plot. Does this work with scatter plot or only line plot as I went to link you tagged and from there it stated to use line plot. Here is the code below and snips of what I am seeing. |inputlookup $lookupToken$
|where _time <= $tokLatestTime$ AND _time >= $tokEarliestTime$
|search $lab_token$ $analyte_token$ $location_token
|replace "ND" WITH 0 IN Results
|timechart max(Results) as Results by Analyte
|append [
|inputlookup $lookupToken$
|where _time <= $tokLatestTime$ AND _time >= $tokEarliestTime$
|search $lab_token$ $analyte_token$ $location_token$
|replace "ND" WITH 0 IN Results
|bin _time span=1d
|stats max(Results) as Results by _time Analyte
|eval Results=null()
]
|sort _time
|fields - Results Scatter Plot w/ suggested code Line Plot w/ suggested code Now if I remove the Results=null(), remove replacing ND with 0 and switch fields to Analyte instead of Results I get points again and something close to what I want but still off a bit. I am hoping to see the analytes on the legend. You have any further suggestions? I feel I am close. |inputlookup $lookupToken$
|where _time <= $tokLatestTime$ AND _time >= $tokEarliestTime$
|search $lab_token$ $analyte_token$ $location_token
|timechart max(Results) as Results by Analyte
|append [
|inputlookup $lookupToken$
|where _time <= $tokLatestTime$ AND _time >= $tokEarliestTime$
|search $lab_token$ $analyte_token$ $location_token$
|bin _time span=1d
|stats max(Results) as Results by _time Analyte
]
|sort _time
|fields - Analyte Scatter plot still is blank Line Plot is close but still missing analyte names
... View more
08-16-2023
03:48 PM
I want to generate a time chart that shows time on x-axis, results on y-axis and hue (legend) showing the different analytes. So far this what I have generated which is not the format I am looking for. I have the search code below. I probably do not need fieldformat but was thinking I needed the correct datatype. I am used to python Jupyter notebooks and am quite new to Splunk. Any help would be very appreciated. For example, I am showing a scatter plot from python that I can generate that mirrors what I am looking for in Splunk Incorrect Splunk Scatter Plot Example of What I want to get to |inputlookup $lookupToken$ |where _time <= $tokLatestTime$ |where _time >= $tokEarliestTime$ |search $lab_token$ |search $analyte_token$ |search $location_token$ |sort _time desc |replace "ND" WITH 0 IN Results |table _time, Results, Analyte |fieldformat _time=strftime(_time, "%Y-%m-%d")
... View more
08-16-2023
03:45 PM
Thanks for your help, I was able to get this to work!!
... View more
08-16-2023
10:12 AM
Thanks for your response. I have tried the code, but I am still getting an error on the next multiselect field, stating that "could not create search". Here is code past that of lab_token and screen shot of dashboard. <input type="multiselect" token="lab_token" searchWhenChanged="true">
<label>Result Status</label>
<search>
<query/>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<choice value="Offsite Complete,OffsiteNeedsReview">Offsite Analysis</choice>
<choice value="QA Approved,Analysis Approved">Onsite Analysis</choice>
<valueSuffix>,</valueSuffix>
<prefix>ResultStatus IN(</prefix>
<suffix>)</suffix>
<delimiter> </delimiter>
</input>
<input type="multiselect" token="analyte_token" searchWhenChanged="true">
<label>Select Analyte</label>
<prefix>(</prefix>
<suffix>)</suffix>
<valuePrefix>Analyte="</valuePrefix>
<valueSuffix>"</valueSuffix>
<delimiter> OR </delimiter>
<fieldForLabel>Analyte</fieldForLabel>
<fieldForValue>Analyte</fieldForValue>
<search>
<query>|inputlookup $lookupToken$
|where _time <= $tokLatestTime$
|where _time >= $tokEarliestTime$
|where $lab_token$
|stats count by Analyte</query>
</search>
... View more
08-15-2023
02:41 PM
Hello,
I am rather new to Splunk and I have two values that I want to search for, but I want to combine them to one name in multiselect option (easier for user).
There are two coded values for offsite sample and onsite samples which are
offsite samples = "OffsiteComplete" and "OffsiteNeedsReview"
onsite samples = "QA Approved" and "Analysis Complete"
I have tried to add these both as values and use OR as delimiter but no success. Please help! Code is below and screenshot
<form> <label>LIMS Analytical Data</label> <description>Select Year Range First</description> <search> <query>| makeresults | add info </query> <earliest>$time_token1.earliest$</earliest> <latest>$time_token1.latest$</latest> <done> <eval token="tokEarliestTimeString">strftime($result.info_min_time$,"%Y/%m/%d %H:%M:%S %p")</eval> <eval token="tokLatestTimeString">if($result.info_max_time$="+Infinity",strftime(relative_time(now(),"0d"),"%Y/%m/%d %H:%M:%S %p"),strftime($result.info_max_time$,"%Y/%m/%d %H:%M:%S %p")</eval> <eval token="tokEarliestTime">$result.info_min_time$</eval> <eval token="tokLatestTime">if($result.info_max_time$="+Infinity",relative_time(now(),"0d"),$result.info_max_time$)</eval> </done> </search> <fieldset submitButton="true"> <input type="dropdown" token="lookupToken" searchWhenChanged="true"> <label>Year Range</label> <choice value="LIMSCSV.csv">2022-2023</choice> <choice value="LIMS2021.csv">2021</choice> <choice value="LIMS2020.csv">2020</choice> <choice value="LIMS2019.csv">2019</choice> <choice value="LIMSPre2019.csv">Pre-2019</choice> <default>LIMSCSV.csv</default> <initialValue>LIMSCSV.csv</initialValue> </input> <input type="time" token="time_token1" searchWhenChanged="true"> <label>Select Time Range within Year Range</label> <default> <earliest>-7d@h</earliest> <latest>now</latest> </default> </input> <input type="multiselect" token="lab_token" searchWhenChanged="true"> <label>Result Status</label> <delimiter> OR </delimiter> <search> <query/> <earliest>-24h@h</earliest> <latest>now</latest> </search> <choice value="OffsiteComplete,OffsiteNeedsReview">Offsite Analysis</choice> <choice value="QA Approved">Onsite Analysis</choice> <valuePrefix>ResultStatus="</valuePrefix> <valueSuffix>"</valueSuffix> </input> <input type="multiselect" token="analyte_token" searchWhenChanged="true"> <label>Select Analyte</label> <prefix>(</prefix> <suffix>)</suffix> <valuePrefix>Analyte="</valuePrefix> <valueSuffix>"</valueSuffix> <delimiter> OR </delimiter> <fieldForLabel>Analyte</fieldForLabel> <fieldForValue>Analyte</fieldForValue> <search> <query>|inputlookup $lookupToken$ |where _time <= $tokLatestTime$ |where _time >= $tokEarliestTime$ |where $lab_token$ |stats count by Analyte</query> </search>
... View more
Labels
- Labels:
-
dashboard
-
Dashboard Studio
