Solved: TimeChart Display query result in text format

smahuja · ‎06-25-2020

Hello,

I have a timechart with multiple fields, I want to append existing query or add new query to display one field as a text in graph.

Example:

I am having above graph, want to display text (field) from search query at the two purple circles .

Thanks,

rnowitzki · ‎06-26-2020

Hello @smahuja ,

Not sure what you exactly mean.

If the filename/objectname is in the results of your annotation search, you can display it as the text of the Annotation.

| eval annotation_label = <field>

Is that what you need?

--
Karma and/or Solution tagging appreciated.

View solution in original post

rnowitzki · ‎06-26-2020

Hi @smahuja ,

Should the text also be alligned to some time on the chart?

If I understood your request correct, you could work with Event Annotation.
https://docs.splunk.com/Documentation/Splunk/latest/Viz/ChartEventAnnotations

You have to edit the Dashboards XML as described in the Documentation.

Hope this helps.

Ralph

--
Karma and/or Solution tagging appreciated.

smahuja · ‎06-26-2020

Hello rnowitzki

Thanks for your reply, although I was looking for a proper string like fileName/objectName. If you know anything like that, please let me know otherwise I find this also helpful.

Thanks,

rnowitzki · ‎06-26-2020

Hello @smahuja ,

Not sure what you exactly mean.

If the filename/objectname is in the results of your annotation search, you can display it as the text of the Annotation.

| eval annotation_label = <field>

Is that what you need?

--
Karma and/or Solution tagging appreciated.

TimeChart Display query result in text format

chart

field extraction

fields

join

subsearch

table

timechart

transaction

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!