Dashboards & Visualizations

Can you help me make a comparison dashboard?

sandeepmakkena
Contributor

Hello.,

I am trying to build a dashboard with Total transactions, Total Successful transactions, Total Failed transactions and a time chart with span that shows successful and failed transaction. I would like to give an option to users to pick day-to-day, week-to-week and month-to-month and also number of days or weeks or months they want to compare. Depending on the options they picked, my dashboard displays the relevant information.

Please help me figure out how to achieve this. Day-to-Day will be 7days, week-to-week will be 4weeks and month-to-month will be 4months.

You're welcome to express if there is a better ways of achieving the same outcome.

Thank you.

0 Karma

niketn
Legend

@sandeepmakkena you should explore the timewrap command (Splunk 6.5 and above). However, depending on the variation in the time overlap you can also check out the Splunk Blog to overlay two time series: https://www.splunk.com/blog/2012/02/19/compare-two-time-ranges-in-one-report.html

Be conscious of Sub Search limitations as data truncation may drop events.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

sandeepmakkena
Contributor

Thanks for the reply, but that does not answer few more questions I Have
1. Best way to display single value of each day ? Like total transactions today, yesterday and day before and so on
2. I would like to give them an option pick span depending on the time range they picked like if it's 24hrs span should display 15min or 30mins or 1hr. if the time range is more than 24hrs span options should be like 1hr etc

0 Karma

niketn
Legend

If you are showing Time Series Data One option would be to use Single Value Visualization with Trending... however, if you just want to show the total count for a day or previous day etc. You can using Splunk Post Processing Search to perform a sum() of count for a particular day (result of timechart command in the base search) and display the same in Single Value Panel (or HTML Panel).

For Post Processing Search example and Single Value Visualization, please refer to Splunk Dashboard Examples App.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...