Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About ChadW
ChadW
Explorer
Member since:
12-02-2022
03-08-2023
Community Statistics
| Posts | 8 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 12-02-2022 |
Activity Feed
- Posted Re: How to adjust Radial Gauge numeric range within a dashboard on Splunk Search. 03-13-2023 10:25 AM
- Tagged Combining multiple base searches into one dashboard chart on Dashboards & Visualizations. 03-04-2023 12:52 PM
- Tagged Combining multiple base searches into one dashboard chart on Dashboards & Visualizations. 03-04-2023 12:51 PM
- Posted Combining multiple base searches into one dashboard chart on Dashboards & Visualizations. 03-04-2023 12:50 PM
- Posted Re: How to display average from referenced dashboard widget results? on Dashboards & Visualizations. 03-02-2023 10:10 PM
- Posted Re: Average from referenced dashboard widget results on Dashboards & Visualizations. 03-02-2023 01:03 PM
- Posted How to display average from referenced dashboard widget results? on Dashboards & Visualizations. 03-02-2023 08:08 AM
- Posted Re: Why does stats count(eval always returns zero when partial non-existant values exist? on Splunk Search. 12-02-2022 12:02 PM
- Posted Re: Why does stats count(eval always returns zero when partial non-existant values exist? on Splunk Search. 12-02-2022 11:59 AM
- Karma Re: Why does stats count(eval always returns zero when partial non-existant values exist? for ITWhisperer. 12-02-2022 11:59 AM
- Posted Why does stats count(eval always returns zero when partial non-existant values exist? on Splunk Search. 12-02-2022 07:59 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
03-13-2023
10:25 AM
I also wanted to reference this help doc (took me a little while to find): https://docs.splunk.com/Documentation/Splunk/9.0.4/DashStudio/chartsSV It outlines that if you want to change the default 100 for the radial max fill line, just enter a new maxValue option.
... View more
03-04-2023
12:50 PM
I have a dashboard with a couple of base datasources. Let's call them "base_search1" and "base_search2" I have chained datasources which are used to output base_search1 | stats avg(field) as a Radial base_search1 | timechart span=1d avg(field) and the same thing for base_search2. This presents nicely as a radial and line chart for both base_search1 and base_search2. Request: Now, I want to also display the radial and time chart for the combination of base_search1's results and base_search2's results. Assume both datasources both output the same field name that I want to average over. How do I do this? Will the solution change if I want to average over more than 2 datasources? Let's say I have 4 base searches on the dashboard. If this was not on a dashboard, I would do something like base_search1 | append [base_search2] | timechart span=1d avg(field) but I don't know how that translates to working with datasources in dashboards.
... View more
- Tags:
- base search
- chain
Labels
- Labels:
-
dashboard
-
Dashboard Studio
-
timechart
03-02-2023
10:10 PM
I figured this out using makeresults: | makeresults format=csv data="val
$ds_1:result.avg$
$ds_3:result.avg$
$ds_3:result.avg$" | stats avg(val)
... View more
03-02-2023
01:03 PM
I'm using Dashboard Studio. I can reference the final result (like I mentioned in my original post) but that is intended to feed into a search. I just want to use that final result as part of a mathematical equation -- averaging multiple final results together. Is that possible?
... View more
03-02-2023
08:08 AM
I have a dashboard that displays 3 radials. I want to display the average of the numeric result of those three radials also on the dashboard. I can create references to those radials and refer to their results something like ($ds_1:result.avg$ + $ds_3:result.avg$ + $ds_3:result.avg$) / 3 but I don't know how to create SPL to do just that vs looking up logs. For example, I tried
| eval avg=($ds_1:result.avg$ + $ds_3:result.avg$ + $ds_3:result.avg$) / 3 | table avg
this didn't work. For context, each of those referred datasources outputs avg(field) as avg.
How can I achieve what I'm after?
... View more
Labels
- Labels:
-
dashboard
-
single value
12-02-2022
12:02 PM
One disparate question around something I never understood. Why do I need to create an spath for this to work? In other words, instead of count(eval(connectError=="true")) why can't I just do count(eval(details.error.connectionError=="true"))
... View more
12-02-2022
11:59 AM
That did it! Thank you. I thought I tried that before but guess not.
... View more
12-02-2022
07:59 AM
My query:
index=primary eventType=ConnectionTest msg="network check results" | spath output=connectError details.error.connectionError | fillnull value=false connectError | dedup visitId | stats count as total, count(eval(connectError==true)) as errors
If I run this, "errors" always returns 0. However, if I run
index=primary eventType=ConnectionTest msg="network check results" | spath output=connectError details.error.connectionError | fillnull value=false connectError | dedup visitId | stats count by connectError
connectError properly returns the set of values in each bucket of connectError.
My dataset will sometimes contain the object "details.error". I tried fillnull to resolve this but that didn't work.
If I look at the Events data for the first or second query, I do see "connectError" in the "Interesting Fields" list on the left hand side.
❓How do I get the first query to work whereby I can get errors and total errors? I want to follow it up with |eval percentErrors=errors/total but I first need to get the stats to work properly.
... View more
Labels
- Labels:
-
stats
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-08-2023
02:31 PM
|
