I am a newbie to Splunk and have a question on best approach.
I am doing a panel with three single value views. The first two do the same search with only the earliest and latest modifiers (feel free to correct me on the term) being different. They calculate single values I wish to find the ratio between.
The third single value view contains said ratio.
In order to save the results of the searches for reuse, I am using JavaScript. Basically,
`var firstSearch = splunkjs.mvc.Components.get("first_search_id");`
`var secondSearch = splunkjs.mvc.Components.get("second_search_id");`
I wait for data to arrive and then save the results to tokens:
`firstSearch.data("results").on("data", function (results) {`
` var result = results._data.rows[0][0];`
` tokens.set("first_search_result", result);`
` if (tokens.get('second_search_result') != undefined) {`
` calculateRatio();`
` }`
`});`
I have a similar function for the second value. When both tokens have been set, the `calculateRatio()` function will be called to calculate and display the ratio.
To show the ratio, I am again doing a `splunkjs.mvc.Components.get(some_id)`. I'm guessing I'll then have to set the data field of this object to have the result display.
My approach seems a bit overcomplicated and I am not sure it's the most efficient one. Hence, I'd like to ask the following questions:
- I have two near identical searches, is there some way I can have one and reuse it with different time modifiers?
- Is there a better way of saving search results and reusing them to calculate the ratio?
- Since I am saving the ratio in a token, is there an XML-only way to have the single value view show its value without extra JS? The token would obviously be `undefined` initially and the view will need an update as the ratio calculation is complete
- Examples show using `trendInterval` to display a trend. Would this be a better approach to accomplish what I want?
↧