Dashboards & Visualizations

Add trendline to timechart splunk

karthi25
Path Finder

I am having the chart with durations, Now I want add a line over the chart with values as avg(duration). I used below query, but its not showing up trendline

index=cloudfoundry sourcetype=cloudfoundry_apps "cf_foundation=px-npe01" "cf_org_name=Commissions" "cf_space_name=development" "cf_app_name=splunk**   |search endDate !=null AND status='COMPLETED' |eval start_epoch=strptime(startDate,"%Y-%m-%d %H:%M:%S.%1N")
     |eval _time=start_epoch
     |eval end_epoch=strptime(endDate,"%Y-%m-%d %H:%M:%S.%1N")
     |eval duration=round((end_epoch-start_epoch)/3600)
      | chart values(duration) as duration by processLogId | trendline sma5(duration) as sma_Max_Resp

My expectation will be as followsalt text

0 Karma
1 Solution

mayurr98
Super Champion

hey try this!

index=cloudfoundry sourcetype=cloudfoundry_apps "cf_foundation=px-npe01" "cf_org_name=Commissions" "cf_space_name=development" "cf_app_name=splunk**   
|search endDate !=null AND status='COMPLETED' |eval start_epoch=strptime(startDate,"%Y-%m-%d %H:%M:%S.%1N")
      |eval _time=start_epoch
      |eval end_epoch=strptime(endDate,"%Y-%m-%d %H:%M:%S.%1N")
      |eval duration=round((end_epoch-start_epoch)/3600)
       | chart values(duration) as duration by processLogId | eventstats avg(duration) as avg_duration

just add eventstats avg(duration) as avg_duration at the end of your query instead of trendline command.

let me know if this helps you!

View solution in original post

mayurr98
Super Champion

hey try this!

index=cloudfoundry sourcetype=cloudfoundry_apps "cf_foundation=px-npe01" "cf_org_name=Commissions" "cf_space_name=development" "cf_app_name=splunk**   
|search endDate !=null AND status='COMPLETED' |eval start_epoch=strptime(startDate,"%Y-%m-%d %H:%M:%S.%1N")
      |eval _time=start_epoch
      |eval end_epoch=strptime(endDate,"%Y-%m-%d %H:%M:%S.%1N")
      |eval duration=round((end_epoch-start_epoch)/3600)
       | chart values(duration) as duration by processLogId | eventstats avg(duration) as avg_duration

just add eventstats avg(duration) as avg_duration at the end of your query instead of trendline command.

let me know if this helps you!

karthi25
Path Finder

@mayurr98 if I want a line in a column chart.. What can I do?? I tried changing the chart type but that average is in a bar shape not a line

0 Karma

mayurr98
Super Champion

as per my knowledge, it will not create a line in column chart this solution is only meant for line chart!

0 Karma
Get Updates on the Splunk Community!

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...