Zoom with second dashboard not working

tydyg
Explorer

I am performing a sentiment analysis on RSS feeds over time and want to make a timechart zoom capability in my dashboard. Currently I cannot get this to work. I want the zoom to display in another chart. My first chart looks like this:

    <title>Sentiment Over Time</title>
    <searchString>index = rss_2  | dedup link  | sentiment imdb title | timechart avg(sentiment)</searchString>
    <earliestTime>0</earliestTime>
    <latestTime>now</latestTime>
    <selection>
      <set token="selection_earliest">$start$</set>
      <set token="selection_latest">$end$</set>
      <set token="start_splunk_web_access">$start.avg(sentiment)$</set>
      <set token="end_splunk_web_access">$end.avg(sentiment$)</set>
    </selection>

My second chart looks like this:

    <title>Zoom in Sentiment Visual</title>
    <search>
      <query>index = rss_2 | dedup link | sentiment imdb title | timechart avg(sentiment)</query>
      <earliest>$selection_earliest$</earliest>
      <latest>$selection_latest$</latest>
    </search>
  </chart>

My goal is to be able to zoom in on a specific time frame and view the individual titles of the RSS feeds so that the user can see which titles are generating low or high sentiment quickly without having to execute any further search strings.

I have tried drilldown capability in the dashboard and can't get that to work as I want it to either.

Any help is much appreciated, as I've been developing this app for almost 4 months.

0 Karma

bjoernjensen
Contributor

Hi,

I think your approach is based mostly on the "Pan and zoom chart controls" (Link). This should basically work. The one thing that will be "disabled" when using another chart is the visual zoom itself. You will find yourself with a picked range within that chart.

My current test looks like the code below.

What exactly isn't working?

All the best,
Björn

    <dashboard>
      <label>Test</label>
      <row>
        <panel>
          <chart>
            <search>
              <query>index=_internal | timechart span=5m avg(timestartpos) as timestartpos avg(timeendpos) as timeendpos</query>
              <earliest>-1d@d</earliest>
              <latest>@d</latest>
            </search>
            <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
            ...
            <option name="charting.legend.placement">right</option>
            <selection>
              <set token="selection_earliest">$start$</set>
              <set token="selection_latest">$end$</set>
              <set token="start_data1">$start.timestartpos$</set>
              <set token="end_data1">$end.timestartpos$</set>
              <set token="start_data2">$start.timeendpos$</set>
              <set token="end_data2">$end.timeendpos$</set>
            </selection>
          </chart>
        </panel>
      </row>
      <row>
        <panel>          
          <table>            
            <search>
              <query>index=_internal | table _time timestartpos timeendpos | untable _time name data | stats min(data) avg(data) max(data) by name</query>
              <earliest>$selection_earliest$</earliest>
              <latest>$selection_latest$</latest>
            </search>
          </table>
        </panel>
        <panel>
          <!-- Raw HTML in a Simple XML panel must sit inside an <html> element -->
          <html>
          <h3>Token values for the selection</h3>
          <table border="0" cellpadding="12" cellspacing="0">
          <tr>
            <td>
                <p><b>Time range (epoch time)</b></p>
                <p><b>$$selection_earliest$$</b>: $selection_earliest$<br/>
                <b>$$selection_latest$$</b>: $selection_latest$</p>
            </td>
            <td>
                <p><b>Count at the beginning and end of time range.</b></p>
                <p><b>$$start_data1$$</b>: $start_data1$<br/>
                <b>$$end_data1$$</b>: $end_data1$</p>
            </td>
            <td>
                <p><b>Count at the beginning and end of time range.</b></p>
                <p><b>$$start_data2$$</b>: $start_data2$<br/>
                <b>$$end_data2$$</b>: $end_data2$</p>
            </td>
          </tr>
          </table>
          </html>
        </panel>
      </row>
    </dashboard>
0 Karma

juvetm
Communicator

    <chart>
      <title>Pan and Zoom (All source types)</title>
      <searchString>
        index=_internal | timechart count by sourcetype
      </searchString>
      <earliestTime>-7d@h</earliestTime>
      <latestTime>now</latestTime>
      . . .
      <selection>
        <set token="selection.earliest">$start$</set>
        <set token="selection.latest">$end$</set>
        <set token="start.splunk_web_access">$start.splunk_web_access$</set>
        <set token="end.splunk_web_access">$end.splunk_web_access$</set>
      </selection>
    </chart>
    <chart>
      <title>Pan and Zoom (Web access source type)</title>
      <searchString>
        index=_internal sourcetype=splunk_web_access
        | timechart count by sourcetype
      </searchString>
      <earliestTime>$selection.earliest$</earliestTime>
      <latestTime>$selection.latest$</latestTime>
      . . .
    </chart>

I think this example can help you. Try to use this code and manage with your request. Thanks.

0 Karma

tydyg
Explorer

This code is what I used to develop what I have above. I still can't get this to work. I would ideally like to just develop a drilldown but I can't get that to work either.

0 Karma