Hi, I have a chart that is a count of alerts by hostname and severity. I'd like to add a column that is a sparkline of alerts by time for each host. Here is my search and a screenshot of my chart with desired outcome. Help please?
index=techmon sourcetype="techmon_hpom_messages_history" | chart count by NODE_NAME,SEVERITY | addtotals labelfield=SEVERITY label=Total | sort -Total | head 20
Apparently I need more Splunk karma to post an attachment or a link, so I will type out the chart here:
NODE_NAME | Critical | Major | Minor | Normal | Warning | Total |
Host 1    | 5        | 3     | 10    | 0      | 8       | 36    |
Host 2    | 1        | 3     | 6     | 3      | 8       | 19    |
Host 3    | 2        | 6     | 0     | 5      | 2       | 15    |
I want to add a sparkline after Total that will graph the alerts over time. The field for the time is LOCAL_RECEIVING_TIME.
Thanks folks