×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
DBbd
Observer
Member since: ‎11-07-2025
‎01-07-2026
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-07-2025
View All

Re: Single value major and trend value showing as ...

by in Dashboards & Visualizations
‎11-07-2025 11:59 AM
‎11-07-2025 11:59 AM
index="soar" Severity="Sev4" | timechart count as sev_4 the table view of this query is providing results. I am looking at past 7 days, there are 3 events spread over the 7-day period. Also, the last value in the search is a 1.  ... View more

Single value major and trend value showing as 0.

by in Dashboards & Visualizations
‎11-07-2025 07:15 AM
‎11-07-2025 07:15 AM
Use case: looking to create a dashboard with a single value panel that shows major value and trend value for tps by severity. However attempts with current queries aren't successful. Example. Running a query like: index="soar" Severity="Sev1" | stats count will show the accurate value, but to show the trend value it needs to be timechart, however when running query index="soar" Severity="Sev1" | timechart count as sev4 i get a 0 value for both major and trend value. In these cases we are using the global time range. Environment is Splunk Cloud and the dashboards are in dashboard studio. the stats query works in both search and in the dash. Only issue is with the timechart. No matter the approach it shows 0 for both major and trend value. But outside dashboard it does work, but not inside. the time picker is set by default for last 7 days. the domain reference is default so global.time.earliest - global.time.latest. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-07-2026 01:57 PM