Hello,
I tired to sum two timecharts in another one, using tokens.
It's easy to sum counted value using stats, but I have problem with timecharts, is there any way to do this?
<form>
<label>Single Value Token</label>
<fieldset submitButton="false">
<input type="time" token="tokTime" searchWhenChanged="true">
<label></label>
<default>
<earliest>-60m@m</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<single>
<title>Panel 1 (Error)</title>
<search>
<query>index=_internal sourcetype=splunkd log_level="Error"
| timechart count as Error</query>
<earliest>$tokTime.earliest$</earliest>
<latest>$tokTime.latest$</latest>
<done>
<condition match="$job.resultCount$==0">
<set token="tokError">0</set>
</condition>
<condition>
<set token="tokError">$result.Error$</set>
</condition>
</done>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
<panel>
<single>
<title>Panel 2 (Warn)</title>
<search>
<done>
<condition match="$job.resultCount$==0">
<set token="tokWarn">0</set>
</condition>
<condition>
<set token="tokWarn">$result.Warn$</set>
</condition>
</done>
<query>index=_internal sourcetype=splunkd log_level="WARN"
| timechart count as Warn</query>
<earliest>$tokTime.earliest$</earliest>
<latest>$tokTime.latest$</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
<panel>
<single>
<title>Panel 3 (Sum)</title>
<search>
<query>| makeresults
| eval ratio=$tokError$+$tokWarn$
|table ratio
| timechart count as ratio</query>
<earliest>$tokTime.earliest$</earliest>
<latest>$tokTime.latest$</latest>
</search>
<option name="drilldown">none</option>
<option name="numberPrecision">0.000</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
</row>
</form>
Code give me value 1.000 in Panel 3 (Sum)
Or there is another way to save trends?
