topic Re: How to chart field1 by field2 and overlay by aggregate in Dashboards & Visualizations

How to chart field1 by field2 and overlay by aggregate

kabSplunk — Thu, 03 Nov 2016 04:55:33 GMT

I have two fields
field1 as response time
field 2 as instance name

I want to plot the response time by instance name and overlay the average response time of a single instance name.

Data is like
Instance1 responsetime1
Instance1 responsetime2
:
Instance1 responsetimeN
Instance2 responsetime1
Instance2 responsetime2
:
Instance2 responsetimeN
:
and so on.

So I want chart of responsetime by instance name and an overlay line of avg(responsetime) of only single instance say instance5

Can you please help.

Re: How to chart field1 by field2 and overlay by aggregate

hunters_splunk — Tue, 29 Sep 2020 11:38:55 GMT

HI KabSplunk,

Please try the following:

Run the following search:

sourcetye= | chart count, sum(responsetime) AS total_responsetime by instance | eval avg_responsetime = total_responsetime/count
After you get the statistics, go to Visualization.
Select Column Chart.
Click Format and select ** Chart Overlay**.
In the Overlay field, type avg_responsetime.

You should see total_responsetime as columns on the y axis overlayed by the avg_bytes values. Instances are on the x axis.

Hope it helps. Thanks!
Hunter

Re: How to chart field1 by field2 and overlay by aggregate

hunters_splunk — Tue, 29 Sep 2020 11:38:57 GMT

The search string was not correctly displayed; should be:

sourcetye= my_sourcetype | chart count, sum(responsetime) AS total_responsetime by instance | eval avg_responsetime = total_responsetime/count

Re: How to chart field1 by field2 and overlay by aggregate

kabSplunk — Sat, 12 Nov 2016 20:20:44 GMT

Thanks. I had got it fixed