1818 </search >
1919 <search id =" baseEventsSearch"
2020 <query >
21- index=* sc4s_container=$sc4s_instance$
21+ | tstats count where index=* sc4s_container=$sc4s_instance$ by index _time
2222 </query >
2323 <earliest >$time_range.earliest$</earliest >
2424 <latest >$time_range.latest$</latest >
4343 <input type =" time" token =" time_range"
4444 <label >Timer</label >
4545 <default >
46- <earliest >rt -15m</earliest >
47- <latest >rt </latest >
46+ <earliest >-15m</earliest >
47+ <latest >now </latest >
4848 </default >
4949 </input >
5050 <html >
220220 <option name =" numberPrecision" option >
221221 <option name =" rangeColors" option >
222222 <option name =" rangeValues" option >
223+ <option name =" refresh.display" option >
223224 <option name =" showSparkline" option >
224225 <option name =" showTrendIndicator" option >
225226 <option name =" trellis.enabled" option >
310311 <single >
311312 <title >Total volume of actual syslog traffic delivered by this SC4S instance to Splunk</title >
312313 <search base =" baseEventsSearch"
313- <query >| stats count</query >
314+ <query >| stats sum( count) </query >
314315 </search >
315316 <option name =" colorBy" option >
316317 <option name =" colorMode" option >
317318 <option name =" drilldown" option >
318319 <option name =" numberPrecision" option >
319320 <option name =" rangeColors" option >
320321 <option name =" rangeValues" option >
322+ <option name =" refresh.display" option >
321323 <option name =" showSparkline" option >
322324 <option name =" showTrendIndicator" option >
323325 <option name =" trellis.enabled" option >
336338 <title >Distributions of events by index</title >
337339 <chart >
338340 <search base =" baseEventsSearch"
339- <query >| stats count by index</query >
341+ <query >| stats sum(count) as count by index</query >
340342 </search >
341343 <option name =" charting.axisLabelsX.majorLabelStyle.overflowMode" option >
342344 <option name =" charting.axisLabelsX.majorLabelStyle.rotation" option >
366368 <option name =" charting.legend.mode" option >
367369 <option name =" charting.legend.placement" option >
368370 <option name =" charting.lineWidth" option >
371+ <option name =" refresh.display" option >
369372 <option name =" trellis.enabled" option >
370373 <option name =" trellis.scales.shared" option >
371374 <option name =" trellis.size" option >
375378 <title >Trends of events by index</title >
376379 <table >
377380 <search base =" baseEventsSearch"
378- <query >| chart sparkline(count) AS "Indexes Trend" count AS Total BY index</query >
381+ <query >| stats sparkline(sum( count)) as "Indexes Trend" sum( count) as Total by index</query >
379382 </search >
380383 <option name =" count" option >
381384 <option name =" dataOverlayMode" option >
393396 <chart >
394397 <search >
395398 <query >
396- index=* sc4s_container=$sc4s_instance$ | eval tags=split(sc4s_tags,"|") | mvexpand tags | search tags=".app.*" | timechart count by tags
399+ | tstats count where index=* sc4s_container=$sc4s_instance$ by sc4s_tags _time | eval tags=split(sc4s_tags,"|") | mvexpand tags | search tags=".app.*" | timechart sum( count) by tags
397400 </query >
398401 <earliest >$time_range.earliest$</earliest >
399402 <latest >$time_range.latest$</latest >
439442 <table >
440443 <search >
441444 <query >
442- index=* sc4s_container=$sc4s_instance$ | eval tags=split(sc4s_tags,"|") | mvexpand tags | chart count by tags
445+ | tstats count where index=* sc4s_container=$sc4s_instance$ by sc4s_tags _time | eval tags=split(sc4s_tags,"|") | mvexpand tags | stats sum( count) as eventCount by tags | sort - eventCount
443446 </query >
444447 <earliest >$time_range.earliest$</earliest >
445448 <latest >$time_range.latest$</latest >
449452 </table >
450453 </panel >
451454 </row >
452- </form >
455+ </form >
0 commit comments