7.2, 7.1, 7.0, 6.6, 6.5, 6.4
This app is for anyone who wants to visualise and correlate multiple separate events on a common timeline.
This app provides a visualization that you can use in your own apps and dashboards.
To use it in your dashboards, simply install the app, and create a search that provides the values you want to display.
The following fields can be used in the search:
- label (required): A title for the event being displayed.
- start (required): A date and time indicating the start of the event
- end (optional): A data and time indicating the end of the event
- group (optional): A group name to categorise the events and display them together
- color (optional): This is usually generated by the rangemap command. It is used to set the color for the slide. Valid colors are: red, amber, green. If using rangemap, use 'range' instead of 'color'. Valid values include: low, elevated, severe, ok, warning, etc
- data (optional): A value to use for drilldowns, which is not displayed to the user, e.g. ID numbers, references, sources. The data field will be used to populate the $tok_et_data$ token.
| makeresults count=25 | eval start=_time-random()% 7*24*60*60 | streamstats count as id | eval label=case(id%3=0,"Event A", id%5=0,"Event B", id%7=0,"Event C", id%11=0,"Event D",1=1,"Event E") | eval range=if(random()%2=0,"low","severe") | table start, label, range
This visualization generates the following tokens on click:
-Start field - defaults to: $tok_et_start$
-End field - defaults to: $tok_et_end$
-Data field - defaults to: $tok_et_data$
-Label field - defaults to: $tok_et_label$
-All Visible Events' Data field - defaults to: $tok_et_all_visible$
Note: all token names are customisable in the visualization settings menu.
The visualization is bound by the following limits:
- Total results: 10,000
-No issues identified.
If you have a bug report or feature request, please contact firstname.lastname@example.org
No personally identifiable information is logged or obtained in any way through this visualizaton.
Send email to email@example.com
Support is not guaranteed and will be provided on a best effort basis.
This visualization uses the vis.js visualization library.
Added drilldown ability using the built-in Splunk drilldown UI
You can use the tokens to create drilldowns / dynamic panels in your dashboards. You can also use the Splunk drilldown menu to link to another dashboard, a search, or a specific URL.
The tokens created in the visualization will be evaluated first, then the drilldown will happen (if you configured a drilldown). This means you can link to a custom search using the label field, start/end times, or the data field of the event you clicked.
- Added 'tooltip' field to set the tooltip text
- Added 'blue' as a color option (eval range='blue' or 'debug' or 'unknown')
- Fixed bug where viz wouldn't display when using a base search
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.