Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Dynamic dashboard - time range, span and other...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dynamic dashboard - time range, span and others
xradim
Explorer
03-18-2011
10:06 AM
Is possible to add into Dashboard graph drop down menus where could be definition of time range? I am looking for similar option which is available in search itself. I would like to have time range as variable I can change in graph itself so I don't have to update searches.
Thanks
Radim
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
BobM
Builder
08-01-2011
05:52 AM
If you don't want to resort to advanced xml, convert your dashboard to a form and add the input type of time. Below is a simple example.
<form>
<label>My Dashboard as a form</label>
<fieldset autoRun="true" >
<input type="time" />
</fieldset>
<row>
<single>
<searchTemplate>mysearch | stats count | rangemap field=count low=0-0 elevated=1-10 default=severe</searchTemplate>
<title>Responses outside SLA</title>
<option name="classField">range</option>
</single>
</row>
<row>
<chart>
<searchName>MySavedSearch</searchName>
<title>My Saved Search</title>
<option name="charting.chart">line</option>
<option name="charting.legend.placement">bottom</option>
</chart>
</row>
<form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ayn
Legend
03-18-2011
12:07 PM
Sure. Not sure you can achieve this with simple XML, but it can certainly be done with advanced XML by wrapping your panels within TimeRangePicker modules.
The following example takes the saved search "Requests over time" and presents the results as an area chart, where the timerange for this chart is defined by the timerange picker chosen by the user.
<module name="TimeRangePicker" layoutPanel="panel_row2_col1" group="Requests per second by action">
<param name="searchWhenChanged">True</param>
<param name="selected">Last 60 minutes</param>
<module name="HiddenSavedSearch" autoRun="True">
<param name="useHistory">false</param>
<param name="savedSearch">Requests over time</param>
<module name="EnablePreview">
<param name="enable">true</param>
<param name="display">false</param>
<module name="HiddenChartFormatter">
<param name="chart">area</param>
<param name="chart.stackMode">stacked</param>
<param name="chart.nullValueMode">zero</param>
<module name="FlashChart">
<param name="height">300px</param>
<module name="ViewRedirectorLink">
<param name="viewTarget">flashtimeline</param>
<param name="label">View full results</param>
</module>
</module>
</module>
</module>
</module>
</module>
You can also have one TimeRangePicker that drives all charts in a dashboard instead of having one TimeRangePicker per chart. All you need to do to get that behaviour is to give the TimeRangePicker its own layoutPanel that is separate from the chart panels, and then wrap them all in, as in the following example.
<module name="TimeRangePicker" layoutPanel="panel_row1_col1">
<param name="searchWhenChanged">True</param>
<param name="selected">Last 60 minutes</param>
<module name="HiddenSavedSearch" layoutPanel="panel_row2_col1" group="Requests per second by action" autoRun="True">
<param name="useHistory">false</param>
<param name="savedSearch">Requests over time</param>
<module name="EnablePreview">
<param name="enable">true</param>
<param name="display">false</param>
<module name="HiddenChartFormatter">
<param name="chart">area</param>
<param name="chart.stackMode">stacked</param>
<param name="chart.nullValueMode">zero</param>
<module name="FlashChart">
<param name="height">300px</param>
<module name="ViewRedirectorLink">
<param name="viewTarget">flashtimeline</param>
<param name="label">View full results</param>
</module>
</module>
</module>
</module>
</module>
<module name="HiddenSavedSearch" layoutPanel="panel_row2_col2" group="Bandwidth over time" autoRun="True">
<param name="useHistory">false</param>
<param name="savedSearch">Bandwidth over time</param>
<module name="EnablePreview">
<param name="enable">true</param>
<param name="display">false</param>
<module name="HiddenChartFormatter">
<param name="chart">line</param>
<param name="chart.nullValueMode">zero</param>
<module name="FlashChart">
<param name="height">300px</param>
<module name="ViewRedirectorLink">
<param name="viewTarget">flashtimeline</param>
<param name="label">View full results</param>
</module>
</module>
</module>
</module>
</module>
</module>
Get Updates on the Splunk Community!
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...
Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...
Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies
Olga Malita
The ...
