Chart Overlay: How to sum and avg of a single fie...

gokikrishnan198 · ‎07-19-2018

index=source sourcetype=type|timechart sum(TotalTime) avg(TotalTime)
Getting a chart below
alt text

Unable to use the clause "over" in timechart command like "timechart sum(TotalTime) over avg(TotalTime) by EM"
Unable to calculate sum if I use stats command. Need assistance Please.

adonio · ‎07-20-2018

hello there,

maybe use the chart overlay function within your visualization options.
run this search anywhere and follow the screenshot below:

| gentimes start="07/16/2018:00:00:00" end="07/20/2018:10:00:00" increment=15m
| eval total_time= random()%1000
| eval _time = starttime
| timechart span=2h  sum(total_time) as sum_total_time avg(total_time) as avg_total_time

alt text

hope it helps

gokikrishnan198 · ‎07-22-2018

Hi @Adonio,

Apologies. I am unable to follow the code that was provided.

Let me explain the thing here again.
If there is a Service A . It takes time to run. Need to calculate average and total time elapsed for the service. Thanks,

adonio · ‎07-23-2018

@gokikirishan, the code is just an example for your use case
the screenshot shows you how to do chart overlay

Chart Overlay: How to sum and avg of a single field and apply it in chart overlay?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability