feat: change avg() to sum() in PANEL_EVENTS_INGESTED_BY_SOURCETYPE_TE…

…MPLATE panel (#1028) Changes for "Events ingested by sourcetype" panel: * Change SPL function from avg() to sum() * Change chart type from line to column
splunk · Jan 25, 2024 · c738634 · c738634
1 parent bc5ee28
commit c738634
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/docs/dashboard.md b/docs/dashboard.md
@@ -78,7 +78,7 @@ Executes the following search:
 
 ```
 index=_internal source=*<addon_name>* action=events_ingested
-| timechart avg(n_events) by sourcetype_ingested
+| timechart sum(n_events) by sourcetype_ingested
 ```
 
 > Note: <addon_name> is being replaced by the actual value during the build time.

diff --git a/splunk_add_on_ucc_framework/dashboard.py b/splunk_add_on_ucc_framework/dashboard.py
@@ -75,11 +75,11 @@
       <chart>
         <search>
           <query>index=_internal source=*{addon_name}* action=events_ingested
-| timechart avg(n_events) by sourcetype_ingested</query>
+| timechart sum(n_events) by sourcetype_ingested</query>
           <earliest>$log_time.earliest$</earliest>
           <latest>$log_time.latest$</latest>
         </search>
-        <option name="charting.chart">line</option>
+        <option name="charting.chart">column</option>
         <option name="charting.drilldown">none</option>
       </chart>
     </panel>

diff --git a/..._output_global_config_everything/Splunk_TA_UCCExample/default/data/ui/views/dashboard.xml b/..._output_global_config_everything/Splunk_TA_UCCExample/default/data/ui/views/dashboard.xml
@@ -31,11 +31,11 @@
       <chart>
         <search>
           <query>index=_internal source=*splunk_ta_uccexample* action=events_ingested
-| timechart avg(n_events) by sourcetype_ingested</query>
+| timechart sum(n_events) by sourcetype_ingested</query>
           <earliest>$log_time.earliest$</earliest>
           <latest>$log_time.latest$</latest>
         </search>
-        <option name="charting.chart">line</option>
+        <option name="charting.chart">column</option>
         <option name="charting.drilldown">none</option>
       </chart>
     </panel>

diff --git a/tests/unit/test_dashboard.py b/tests/unit/test_dashboard.py
@@ -40,11 +40,11 @@
       <chart>
         <search>
           <query>index=_internal source=*splunk_ta_uccexample* action=events_ingested
-| timechart avg(n_events) by sourcetype_ingested</query>
+| timechart sum(n_events) by sourcetype_ingested</query>
           <earliest>$log_time.earliest$</earliest>
           <latest>$log_time.latest$</latest>
         </search>
-        <option name="charting.chart">line</option>
+        <option name="charting.chart">column</option>
         <option name="charting.drilldown">none</option>
       </chart>
     </panel>