How to chart with multiple values on legend

Dherom · ‎09-03-2019

I want to have different values in the legend of a column and that the yaxis is a specific value of this legend.

sourcetype="securitycenter" asset=AMER_MS_SRV OR asset=EMEA_MS_SRV OR asset=APAC_MS_SRV 
|  rex field=asset "(?.*)_MS_SRV|"
|chart  eval(round(latest(crit),0)) as C by name |eval pos = case(name=="AMER","1",name=="EMEA","2",name=="APAC","3",name==name,"4") | sort pos| eval target=1 | table name, C, target

In this image I want to add Totips:totalvalue to legend and y-axis are "C".

Dherom · ‎09-05-2019

I want add another value field 'totips' (on same char) and shown multiple values on same bar and this bar evaluated with 'C' field

thanks you for you answer

Dherom · ‎09-10-2019

i want other value to highligh linked.
Example

name:AMER
C:19
totips:890

but dont shown this bar(totips) in this panel. I did trellis values but i dont order by name, order by xaxys value(totips) and i want this.

tscroggins · ‎09-10-2019

I don't think you can do this in a column chart. The tooltip HTML is created from a single series using the point value (X,Y) under the mouse pointer.

Are you open to custom solutions, or are you restricted to pure SimpleXML?

tscroggins · ‎09-03-2019

Can you clarify your question? "Totips" isn't a field in your search. If you want to display e.g. "Totips: 19" in place of "C: 19" in the tooltip, then simply replace C with Totips in your search:

How to chart with multiple values on legend

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability