label = description = search_fragment = default_height = 250 default_width = 250 trellis_default_height = 400 allow_user_selection = True supports_trellis = False supports_drilldown = False supports_export = False data_sources = primary data_sources.primary.params.show_metadata = true # Splunk core visualizations - DO NOT EDIT [line] label = Line Chart description = Track values and trends over time. search_fragment = | timechart count [by comparison_category] default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = True core.icon = chart-line core.preview_image = line.png core.order = 1 core.type = visualizations core.viz_type = charting core.charting_type = line core.recommend_for = timechart, predict core.height_attribute = display.visualizations.chartHeight data_sources = primary,annotation data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 data_sources.annotation.params.output_mode = json_cols data_sources.annotation.params.count = 1000 [area] label = Area Chart description = Track changes in aggregated values over time. search_fragment = | timechart count [by comparison_category] default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = True core.icon = chart-area core.preview_image = area.png core.order = 2 core.type = visualizations core.viz_type = charting core.charting_type = area core.recommend_for = timechart core.height_attribute = display.visualizations.chartHeight data_sources = primary,annotation data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 data_sources.annotation.params.output_mode = json_cols data_sources.annotation.params.count = 1000 [column] label = Column Chart description = Compare values or fields. search_fragment = | stats count by comparison_category default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = True core.icon = chart-column core.preview_image = column.png core.order = 3 core.type = visualizations core.viz_type = charting core.charting_type = column core.recommend_for = timechart, top, rare core.height_attribute = display.visualizations.chartHeight data_sources = primary,annotation data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 data_sources.annotation.params.output_mode = json_cols data_sources.annotation.params.count = 1000 [bar] label = Bar Chart description = Compare values or fields. search_fragment = | stats count by comparison_category default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = True core.icon = chart-bar core.preview_image = bar.png core.order = 4 core.type = visualizations core.viz_type = charting core.charting_type = bar core.recommend_for = top, rare core.height_attribute = display.visualizations.chartHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 [pie] label = Pie Chart description = Compare categories in a dataset. search_fragment = | stats count by comparison_category default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = True core.icon = chart-pie core.preview_image = pie.png core.order = 5 core.type = visualizations core.viz_type = charting core.charting_type = pie core.recommend_for = top, rare core.height_attribute = display.visualizations.chartHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 [scatter] label = Scatter Chart description = Show relationships between discrete values in two dimensions. search_fragment = | stats x_value_aggregation y_value_aggregation by name_category [comparison_category] default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = True core.icon = chart-scatter core.preview_image = scatter.png core.order = 6 core.type = visualizations core.viz_type = charting core.charting_type = scatter core.height_attribute = display.visualizations.chartHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 [bubble] label = Bubble Chart description = Show relationships between discrete values in three dimensions. search_fragment = | stats x_value_aggregation y_value_aggregation size_aggregation by name_category [comparison_category] default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = True core.icon = chart-bubble core.preview_image = bubble.png core.order = 7 core.type = visualizations core.viz_type = charting core.charting_type = bubble core.height_attribute = display.visualizations.chartHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 [singlevalue] label = Single Value description = Track a metric with context and trends. search_fragment = | timechart count default_height = 115 default_width = 300 min_height = 50 min_width = 100 max_height = 10000 trellis_min_widths = 70, 130, 230 trellis_per_row = 10, 6, 4 supports_drilldown = True supports_export = True supports_trellis = True core.icon = single-value core.preview_image = singlevalue.png core.order = 8 core.type = visualizations core.viz_type = singlevalue core.recommend_for = timechart core.height_attribute = display.visualizations.singlevalueHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.offset = 0 data_sources.primary.params.count = 1000 [radialGauge] label = Radial Gauge description = Show a single value in relation to customized ranges. search_fragment = | stats count default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = False supports_export = True supports_trellis = True core.icon = gauge-radial core.preview_image = radialGauge.png core.order = 9 core.type = visualizations core.viz_type = charting core.charting_type = radialGauge core.height_attribute = display.visualizations.chartHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 [fillerGauge] label = Filler Gauge description = Show a single value and its current range. search_fragment = | stats count default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = False supports_export = True supports_trellis = True core.icon = gauge-filler core.preview_image = fillerGauge.png core.order = 10 core.type = visualizations core.viz_type = charting core.charting_type = fillerGauge core.height_attribute = display.visualizations.chartHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 [markerGauge] label = Marker Gauge description = Show a single value in relation to customized ranges. search_fragment = | stats count default_height = 300 default_width = 300 min_height = 100 min_width = 100 max_height = 10000 supports_drilldown = False supports_export = True supports_trellis = True core.icon = gauge-marker core.preview_image = markerGauge.png core.order = 11 core.type = visualizations core.viz_type = charting core.charting_type = markerGauge core.height_attribute = display.visualizations.chartHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.count = $display.visualizations.charting.data.count:JSCHART_RESULTS_LIMIT:10000$ data_sources.primary.params.offset = 0 [mapping] label = Cluster Map description = Show aggregated values in a geographic region. search_fragment = | geostats count [by category] latfield=lat longfield=lon default_height = 400 default_width = 600 min_height = 200 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = False core.icon = location core.preview_image = mapping.png core.order = 12 core.type = visualizations core.viz_type = mapping core.mapping_type = marker core.recommend_for = geostats core.height_attribute = display.visualizations.mapHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.offset = 0 data_sources.primary.params.count = $display.visualizations.mapping.data.maxClusters:100$ data_sources.primary.mapping_filter = true data_sources.primary.mapping_filter.center = $display.visualizations.mapping.map.center:(0,0)$ data_sources.primary.mapping_filter.zoom = $display.visualizations.mapping.map.zoom:2$ data_sources.primary.params.search = geofilter south=$south$ west=$west$ north=$north$ east=$east$ maxclusters=$display.visualizations.mapping.data.maxClusters:100$ [choropleth] label = Choropleth Map description = Show how values vary over a geographic region. search_fragment = | stats count by featureId | geom geo_countries featureIdField=featureId default_height = 400 default_width = 300 min_height = 200 min_width = 100 max_height = 10000 supports_drilldown = True supports_export = True supports_trellis = True core.icon = choropleth-map core.preview_image = choropleth.png core.order = 13 core.type = visualizations core.viz_type = mapping core.mapping_type = choropleth core.recommend_for = geom core.height_attribute = display.visualizations.mapHeight data_sources = primary data_sources.primary.params.output_mode = json_cols data_sources.primary.params.offset = 0 data_sources.primary.params.count = $CHOROPLETH_SHAPE_LIMIT:10000$ data_sources.primary.mapping_filter = true data_sources.primary.mapping_filter.center = $display.visualizations.mapping.map.center:(0,0)$ data_sources.primary.mapping_filter.zoom = $display.visualizations.mapping.map.zoom:2$ data_sources.primary.params.search = geomfilter min_y=$south$ min_x=$west$ max_y=$north$ max_x=$east$ [statistics] label = Statistics Table description = Show results organized in rows and columns. default_height = 300 default_width = 300 min_height = 0 min_width = 100 max_height = 1000 supports_trellis = False supports_drilldown = True supports_export = True core.icon = table core.preview_image = statistics.png core.order = 14 core.type = statistics core.recommend_for = timechart, top, rare, predict data_sources = primary data_sources.primary.params.output_mode = json_rows data_sources.primary.params.sort_key = $display.statistics.sortColumn:$ data_sources.primary.params.sort_direction = $display.statistics.sortDirection:$ data_sources.primary.params.count = 20 data_sources.primary.params.offset = 0 [events] label = Events description = List events from search results. default_height = 300 default_width = 300 min_height = 0 min_width = 100 max_height = 1000 supports_trellis = False supports_drilldown = True supports_export = True core.icon = list core.preview_image = events.png core.order = 15 core.type = events