8.0, 7.3, 7.2, 7.1, 7.0, 6.6, 6.5, 6.4
This app is for anyone who wants to visualise and correlate multiple separate events on a common timeline.
This app provides a visualization that you can use in your own apps and dashboards.
To use it in your dashboards, simply install the app, and create a search that provides the values you want to display.
The following fields can be used in the search:
- label (required): A title for the event being displayed.
- start (required): A date and time indicating the start of the event
- end (optional): A data and time indicating the end of the event
- group (optional): A group name to categorise the events and display them together
- color (optional): This is usually generated by the rangemap command. It is used to set the color for the slide. Valid colors are: red, amber, green. If using rangemap, use 'range' instead of 'color'. Valid values include: low, elevated, severe, ok, warning, etc
- data (optional): A value to use for drilldowns, which is not displayed to the user, e.g. ID numbers, references, sources. The data field will be used to populate the $tok_et_data$ token.
| makeresults count=25 | eval start=_time-random()% 7*24*60*60 | streamstats count as id | eval label=case(id%3=0,"Event A", id%5=0,"Event B", id%7=0,"Event C", id%11=0,"Event D",1=1,"Event E") | eval range=if(random()%2=0,"low","severe") | table start, label, range
This visualization generates the following tokens on click:
-Start field - defaults to: $tok_et_start$
-End field - defaults to: $tok_et_end$
-Data field - defaults to: $tok_et_data$
-Label field - defaults to: $tok_et_label$
-All Visible Events' Data field - defaults to: $tok_et_all_visible$
Note: all token names are customisable in the visualization settings menu.
The visualization is bound by the following limits:
- Total results: 10,000
-No issues identified.
If you have a bug report or feature request, please contact email@example.com
No personally identifiable information is logged or obtained in any way through this visualizaton.
Send email to firstname.lastname@example.org
Support is not guaranteed and will be provided on a best effort basis.
This visualization uses the vis.js visualization library.
Labels and tooltips can have new line characters ("\n") to create multiple lines, eg: | eval label="Event: " + event + "\n" + description
Better dark mode compatibility
* Updated libraries, including upgrading JQuery to 3.6.0
- Fixed bug in tooltip timestamps
- Minor updates for better Splunk 8.2 compatibility
Colors can now be set with HTML color codes. This will allow you to highlight events from the search by setting the color field to a HTML color code, e.g "#009933" or "#093". Note that if you supply both range and color fields, range takes precedence.
...| eval color = case(status="critical","#ff0000", status="ok","#00FF00", status="unknown","#0000FF", 1=1,"#efefef")
| table label, start, end, group, color, tooltip, data
- Added option to display a red line indicating the current date
- Updated Splunk release dates
Added option to sort groups by time in addition to group name
Added options to set the default event color, background color, and text color
Added drilldown ability using the built-in Splunk drilldown UI
You can use the tokens to create drilldowns / dynamic panels in your dashboards. You can also use the Splunk drilldown menu to link to another dashboard, a search, or a specific URL.
The tokens created in the visualization will be evaluated first, then the drilldown will happen (if you configured a drilldown). This means you can link to a custom search using the label field, start/end times, or the data field of the event you clicked.
- Added 'tooltip' field to set the tooltip text
- Added 'blue' as a color option (eval range='blue' or 'debug' or 'unknown')
- Fixed bug where viz wouldn't display when using a base search
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.