Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Horseshoe visualisation - Complex Logic

RobertEttinger8
Loves-to-Learn Lots
‎03-25-2021 05:45 AM

Hi,

I've been struggling with the horseshoe visualisation for a couple days. I have a specific scenario I would like to present but not sure if this can be done:

I have a table with 2 rows and 3 fields per row: source, count, status. Example:

source,count,status

sourceA,200,0(not breached)

sourceB,100,0(not breached)

sourceC, 100,1(breached)

I would like to show a horseshoe per source (trellis) where the dial shows the count but the color is based on the status. So, for instance, sources B and C would be similar looking (count-wise) but the color would be different as one is breached and the other one is not...

Is that possible? I've seen some posts about showing a different value as a token, but this doesn't work because 1-I need to work with multiple sources and 2-Each row may have its own threshold....

Thanks! 🙂

Labels (3)
Tags (3)
0 Karma
Reply

tscroggins
Influencer
‎03-28-2021 09:29 AM

@RobertEttinger8 

Are you using the built-in radial gauge or the custom horseshoe meter?

The horseshoe meter trellis option splits by aggregation (column), so your results should include one event with one field per value:

| makeresults count=3
| streamstats count
| eval value=round(100*random()/2147483647)
| fields - _time
| transpose 0 header_field=count
| fields - column

RobertEttinger8_horseshoe.png

0 Karma
Reply

RobertEttinger8
Loves-to-Learn Lots
‎03-28-2021 10:56 PM

Hi,

 

I was talking about the horseshoe meter... 

 

The challenge comes when trying to apply different thresholds per horseshoe when using trellis and to display a value but the color of the threshold is based on another field... I actually found a visualization that allows this, the "Display Number Viz". It is a game changer for me 🙂

Thanks,

R

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...