A collection of ultra-configurable, single-statistic visualizations for Splunk. Contains three main types of viz: Gauges, Spinners and SVG shapes (Square, Rectangle, Hexagon, Rings and donuts). Similar to Graphana singlestat panel.
Known issue: Splunk can be laggy (causing formatting options to not apply) with visualizations that have many formatting options. Please be patient when the formatting form is opening and when switching formatting tabs. If the form opens twice and overlaps, then the settings won't save properly.
Copyright (C) 2019 Chris Younger. I am a Splunk Professional Services consultant working for JDS Australia, in Brisbane Australia.
Source code | Questions, Bugs or Suggestions | My Splunk apps
This app is not "visible" in the Splunk UI app menu. After installing the app, follow this process:
1. Do a search of any data and switch to the visualisation tab
2. In the top left, in the visualisastion menu, select "Number Display viz"
3. Open the "Format" menu then select "Help"
4. There will be a link to the in-app documentation, which includes working examples
This visualization can deal with most datasets you want to throw at it. However for the most reliable results, use a search where the field names are exactly "value", "title" and "sparkline".
|stats sparkline(avg(SOME_VALUE)) as sparkline latest(SOME_VALUE) as valueFor multiple items do this:
| rename SPLIT_CATEGORY as title | stats sparkline(avg(SOME_VALUE)) as sparkline latest(SOME_VALUE) as value BY titleThe configured viz formatting can be overridden in data by havign specifically named fields.
Here is an example where the subtitle is supplied in the data:
| rename SPLIT_CATEGORY as title | stats sparkline(avg(SOME_VALUE)) as sparkline latest(SOME_VALUE) as value latest(SOME_VALUE2) as subtext BY titleanother way of doing the same thing is like so:
| rename SPLIT_CATEGORY as title | stats sparkline(avg(SOME_VALUE)) as sparkline latest(SOME_VALUE) as value BY title | eval subtext = "something"These are the fields that can be overridden in data:
| Field | Type | Description |
|---|---|---|
value |
Numeric | The value which will be used for threshold calculation and to set the gauge position or spinner speed. Viz will attempt to autoguess this field if not explicity supplied. |
title |
String | The title of the metric which will be shown as a text overlay. Viz will attempt to autoguess this field if not explicity supplied. |
sparkline |
sparkline array | The sparkline field to use as the area or line chart overlay. Viz will attempt to autoguess this field if not explicity supplied. |
color |
HTML color code | Set the base color, ignoring the thresholds. By using this field you can use any threshold logic you like in the search query |
primarycolor |
HTML color code | Similar to above but will only override the primary color. The threshold color can still be used by other components. The primary color is only used by the main element (the gauge, spinner or shape background) in the viz. |
secondarycolor |
HTML color code | As above. |
text |
String | If supplied, this field enables overriding what would be shown as the numeric value |
subtitle |
String | Override the subtitle value. Note that subtitle must be blank in the formatting options |
min |
Number | Overrides the "min" limit |
max |
Number | Overrides the "max" limit |
color field.The primary and secondary fields are the colors that are used by the main style component such as the gauge, spinner, or the shape color. This allows the color to be set to a static color and the threshold color to be used for the textvalue overlay, the sparkline or other places. Exactly what the primary or secondary color affects is different for each style, however it is typically a gradient range. If the Primary and Secondary color are set exactly the same then some of the shape textures will not be visible.
To show a sparkline, then be sure to pass in sparkline data. use | stats sparkline(AGG_FUNCTION(VALUE))
The Text, Title, Subtitle tabs allow for configuring how text overlays are applied. They are all kind of the same except the text value can have animations on change, and a unit prefix/suffix.
The title, text, or subtitle fields allow for HTML injection. This allows icons to be used in place of text or numbers.
Any icon from the FontAwesome v5 Free icon sets can be used, the complete list is here: https://fontawesome.com/cheatsheet/
There are also some Splunk built-in icons that can be used. See the list at the following page of your Splunk environment: /en-GB/static/docs/style/style-guide.html#icons
Here is an example search query to display an icon:
It is possible to use custom fonts (hosted on the internet) by overriding specific CSS classes in a HTML panel: .number_display_viz-font1 .. font5.
Example: https://git.io/fjz5B
The following third-party libraries are used by this app. Thank you!
v1.7.10
Tooltip improvements. Add new "status" mode to sparklines. When this is selected you should pass in sparkline field that contains values that map to statuses: >= 6 (Error) >= 4 (Warning) >= 2 (Good) >= 0 (Informational) < 0 (Unknown) - This is the compatible with the internal codes used by ITSI.
v.1.6.10
Update internal jquery library for Splunk Cloud compatibility
v1.6.8
Minor bug fixes
v1.6.7
Fix another bug for when sparkline field is null
v1.6.6
* Fix bug where in specific situations the threshold value would be rendered instead of the value. Thank you to jmcr for finding this bug and providing a reproducible test case.
v.1.6.10
Update internal jquery library for Splunk Cloud compatibility
v1.6.8
Minor bug fixes
v1.6.7
Fix another bug for when sparkline field is null
v1.6.6
* Fix bug where in specific situations the threshold value would be rendered instead of the value. Thank you to jmcr for finding this bug and providing a reproducible test case.
v1.6.8
Minor bug fixes
v1.6.7
Fix another bug for when sparkline field is null
v1.6.6
* Fix bug where in specific situations the threshold value would be rendered instead of the value. Thank you to jmcr for finding this bug and providing a reproducible test case.
v1.6.7
Fix another bug for when sparkline field is null
v1.6.6
* Fix bug where in specific situations the threshold value would be rendered instead of the value. Thank you to jmcr for finding this bug and providing a reproducible test case.
v1.6.6
* Fix bug where in specific situations the threshold value would be rendered instead of the value. Thank you to jmcr for finding this bug and providing a reproducible test case.
v1.5.6
Fix for version 7.3 "undefined" errors in formatting menu
Fix bug when sparkline is null
1.4.5 - Fix bug where sparkline field couldn't always be set as expected. Corrected inconsistent left alignment.
1.4.4. - Window resize triggers reflow. Redo margin/padding code to behave more reasonably. You can also supply two numbers now for the margin (top/bottom left/right). Added autopanelheight experimental feature.
1.4.3 - Fix drill-down tokens - $row.<fieldname>$ and $click.name$ now work. Better handling of multi-rows. Fails gracefully on large datasets.
1.2.3 - Field names "value", "title" and "sparkline" now take priority over guessed fields if these fields are supplied explicitly in the data. Added options for dealing with sparklines that have null values (note that |stats sparkline() will create sparklines with zero values and not nulls.
1.4.4. - Window resize triggers reflow. Redo margin/padding code to behave more reasonably. You can also supply two numbers now for the margin (top/bottom left/right). Added autopanelheight experimental feature.
1.4.3 - Fix drill-down tokens - $row.<fieldname>$ and $click.name$ now work. Better handling of multi-rows. Fails gracefully on large datasets.
1.2.3 - Field names "value", "title" and "sparkline" now take priority over guessed fields if these fields are supplied explicitly in the data. Added options for dealing with sparklines that have null values (note that |stats sparkline() will create sparklines with zero values and not nulls.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.