Splunk Search

Calculation of area of a graph

nebel
Communicator

Hi there,

today I have a special question. I am not sure how to realise this.
I have on the one hand a lot of performance values, like 20, 13, 15. On the other hand I have the time stamps for those performance values. It mean, I can create easily a graph. No I am adding a extra line, called recommendation of 10.

Now we have a graph and a line which is the treshold line.

The idea is now, to calculate the area which is higher than the recommodation. I already found the mathematic phrase but I think there is maybe another way to realise this. With a mathematic phare it is so complex...

Could you please advise me how I can realise this? Any kind of ideas are more than welcome.

Thank you very much in advance

Regards

Tags (3)
0 Karma
1 Solution

alacercogitatus
SplunkTrust
SplunkTrust

Calculating area under a curve normally requires calculus and integration to properly calculate. However, you can try and approximate it. What I would do, since you have each of the values of the area points, you can take the points with values higher than your threshold, subtract the threshold value (to get the value above the line) and sum them over the _time of your graph. A search may go something like this.

your_search|eval threshold = 10|where perf_value > threshold|eval diff_threshold = perf_value - threshold|stats sum(diff_threshold) as "Total 'Area' Above the Line"

View solution in original post

0 Karma

nebel
Communicator

thank you for that.
Do you think it is more exactly with your idea instead of calculate the area?

Thanks

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

Calculating area under a curve normally requires calculus and integration to properly calculate. However, you can try and approximate it. What I would do, since you have each of the values of the area points, you can take the points with values higher than your threshold, subtract the threshold value (to get the value above the line) and sum them over the _time of your graph. A search may go something like this.

your_search|eval threshold = 10|where perf_value > threshold|eval diff_threshold = perf_value - threshold|stats sum(diff_threshold) as "Total 'Area' Above the Line"

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...