Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a dashboard with dynamic StatisticTables for each month having data for specified date range (fromdate to todate)?

abhishekroy168
Path Finder
‎03-21-2018 09:33 PM

Hi,
I want to display the statistic table for each month dynamically. Within selected time range i have to filter the data according to monthwise.
so, please provide the SPL query to solve this problem using Simple XML.
Is it possible by simple Xml? If No, then how to do this in HTML with solution?
For Example: I want to display the data for the specified time as below: (fromdate=01/01/2018 and todate=31/03/2018)

Jan 2018

category no of incidents total operation time
Hardware 2 20
Software 4 60
Network 3 35

Feb 2018

category no of incidents total operation time
Hardware 1 20
Software 4 60
Network 2 10

same for daywise and weekwise according to the token selection.

Tags (1)
0 Karma
Reply

damiensurat
Contributor
‎03-22-2018 04:52 AM

This should help

Your search | bucket _time span=1month | stats sum(field1) as totalField1, sum(field2) as totalField2 by _time

Or

Your search | Timechart sum(field1) as TotalField1, sum(field2) as totalField2 span=1month.

0 Karma
Reply

tiagofbmm
Influencer
‎03-22-2018 04:43 AM

You just need to use the Time Picker and connect it to the statistics table.

Copy this simple XML and tell me if you are clarified

 <form>
      <label>Time</label>
      <fieldset submitButton="false">
        <input type="time" token="timepicker">
          <label></label>
          <default>
            <earliest>-24h@h</earliest>
            <latest>now</latest>
          </default>
        </input>
        <input type="dropdown" token="src">
          <label>Sources</label>
          <fieldForLabel>source</fieldForLabel>
          <fieldForValue>source</fieldForValue>
          <search>
            <query>| tstats count where index=_internal by source</query>
            <earliest>$timepicker.earliest$</earliest>
            <latest>$timepicker.latest$</latest>
          </search>
        </input>
      </fieldset>
      <row>
        <panel>
          <table>
            <search>
              <query>| tstats count where index=_internal by source</query>
              <earliest>$timepicker.earliest$</earliest>
              <latest>$timepicker.latest$</latest>
            </search>
            <option name="drilldown">none</option>
            <option name="refresh.display">progressbar</option>
          </table>
        </panel>
      </row>
    </form>
0 Karma
Reply

damiensurat
Contributor
‎03-22-2018 04:42 AM

Can you provide the Search you are using? Are you using the timechart command in your search?

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...