- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- I have a chart question
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a chart question
Well hello there....
I have been reading about the charting options and I'm still a bit lost on how to change something.
I originally had a single value display that looked like this on a dashboard:
<label>Balance Email Summary - Last 24 Hours</label>
<row>
<single>
<title>Total Emails To Send For All Registries</title>
<searchName>balance_email_to_send</searchName>
<fields>TotalEmailsToSend</fields>
</single>
<single>
<title>Total Emails Sent To All Registries</title>
<searchName>balance_email_sent</searchName>
<fields>TotalEmailsSent</fields>
</single>
I now wanted to take out the single and make it into a chart. The problem is if I do that, the values at the bottom of the chart are not reflecting on the numbers that are present after the search is complete. The numbers only go from 0-100 and I really would need them to go from like 1000 to 2000.
How can you change the numbers at the bottom of the chart?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
advanced xml is here i believe:
<module name="HiddenSavedSearch" layoutPanel="panel_row1_col1" group="Total Emails To Send For All Registries" autoRun="True">
<param name="savedSearch">balance_email_to_send</param>
<param name="groupLabel">Total Emails To Send For All Registries</param>
<module name="ViewstateAdapter">
<param name="savedSearch">balance_email_to_send</param>
<module name="HiddenFieldPicker">
<param name="fields">TotalEmailsToSend</param>
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.chart">bar</param>
<module name="FlashChart">
<param name="width">100%</param>
<param name="height">400</param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
<module name="ViewRedirectorLink">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
</module>
</module>
</module>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The search for "balance_email_to_send" looks like this:
sourcetype="cron_BalanceEmail" (source="asia" OR source="info" OR source="org") starthoursago="24" BalanceEmail sent | rex field=_raw "[BalanceEmail] ?(?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you add the search that you're using? Also the simplified XML converts to advanced XML under the hood and there's often problems in the conversion -- tacking ?showsource=1 on the URL, scrolling down and copying-and-pasting the advanced XML may reveal where it's gone wrong.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
