I have a dashboard, that for managerial types I have added drop-downs for "Source" "Time Span" and Timechart By. These of course feed variables within the inline panels themselves. They are $source$ for (source) $timechart$ for (span=X). $Timechart$ is used for both |bucket _time span=x and |timechart span=x depending on the panel.
![alt text][1]
The problem I had was that my tables had multiple lines for span=X .
![alt text][2]
I solved this by adding a |dedup Source,Time . I fear that now I am showing incomplete or inaccurate data as a result of this.
index=webmonitor $source$
| spath
| rename stats.avg_response_time AS AvgResponseTime , stats.errors AS Errors, uptime.percentage_uptime AS Uptime |eval Source=case(source="rest://rigor_ally_uptime","Rigor Ally", source="rest://Apollo_Tufts_Uptime","Apollo Tufts",1=1,"Other")
| bucket _time $timechart$
| eval AvgTime=(AvgResponseTime/1000)
| eval Time=strftime(_time,"%m/%d/%y %H:%M")
|dedup Source,Time
|stats avg(AvgTime) AS AvgResponse by Time, Errors, Uptime Source
|eval AvgResponse=round(AvgResponse,1)
|table Time, Source,Uptime,AvgResponse,Errors
Thanks!
Jon.
[1]: /storage/temp/72245-1.png
[2]: /storage/temp/72246-2.png
↧