Chart Visualization Updates

aquinojason · ‎01-13-2022

Hi,

Could you help me why the values for the Y-Axis is not being set correctly? I specified 6000 with interval of 500 but I am getting 5446 as attached.

I also want to know how I can update the X-axis to display the data per week instead of per Month. I tried using span by I am not getting a good results.

I am using the following:

index=xxxxx sourcetype=xxxx EXPRSSN=IBM4D* | eval DATE=strftime(strptime(DATE,"%d%b%Y"),"%Y-%m-%d") | table EXPRSSN DATE MIPS | eval _time=strptime(DATE." "."00:00:00","%Y-%m-%d %H:%M:%S") | chart list(MIPS) over _time by EXPRSSN

aquinojason · ‎01-13-2022

Hi,

I tried it but didn't really changed the visual much.

Thanks and Regards,

ITWhisperer · ‎01-13-2022

Can you share your simple XML for the chart?

aquinojason · ‎01-13-2022

Hi,

It will be this one.

<dashboard>
<label>13MONTH</label>
<row>
<panel>
<title>13 MONTH WEEKLY CPU AVERAGE AND HIGH WATER MARK WITH WEEKLY AVERAGE TREND</title>
<chart>
<title>IBM4D</title>
<search>
<query>index=xxxxxx sourcetype="xxxxxx" EXPRSSN=IBM4D* | eval DATE=strftime(strptime(DATE,"%d%b%Y"),"%Y-%m-%d") | table EXPRSSN DATE MIPS | eval _time=strptime(DATE." "."00:00:00","%Y-%m-%d %H:%M:%S") | chart list(MIPS) over _time by EXPRSSN | trendline sma2(MIPS) as trend</query>
<earliest>0</earliest>
<latest></latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisLabelsY.majorUnit">500</option>
<option name="charting.axisTitleX.visibility">collapsed</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.maximumNumber">6000</option>
<option name="charting.axisY.minimumNumber">0</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">area</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.overlayFields">IBM4DPEAK</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisStart</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">bottom</option>
<option name="charting.lineWidth">2</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
</dashboard>

Thanks and Regards,

ITWhisperer · ‎01-13-2022

Your issue is to do with the amount of space you have to display your chart and the number of major intervals on the y axis. The chart will attempt to display about 10 intervals. You have 12 (6000/500). When there isn't sufficient height to display the intervals (each interval has a minimum height depending on the font size being used by the viz), the intervals get adjusted e.g. no longer 500. The solution is either to increase the interval size, e.g. 1000 giving you 6 intervals to display, or increase the height taken by the chart

<option name="height">450</option>

aquinojason · ‎01-13-2022

Hi,

Thank you. This worked for the Y-axis display. Would you know how I can update the X-axis interval also?

Thanks and Regards,

ITWhisperer · ‎01-13-2022

Your issue there is that your x-axis is _time - charts treat _time in special ways - one way around this would be to assign a new field to a formatted version of time

| bin _time span=7d
| eval time=strftime(_time,"%y-%m-%d")
| chart sum(MIPS) over time by EXPRSSN

aquinojason · ‎01-13-2022

@ITWhisperer wrote:
Your issue there is that your x-axis is _time - charts treat _time in special ways - one way around this would be to assign a new field to a formatted version of time

| bin _time span=7d
| eval time=strftime(_time,"%y-%m-%d")
| chart sum(MIPS) over time by EXPRSSN

I tried spanning for 7d and it showed differently. I wanted to span it still per day but wanted to display weeks on the x-axis instead of months.

ITWhisperer · ‎01-13-2022

Try

| bin _time span=7d

Chart Visualization Updates

chart

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk