Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Chart Overlay: How to sum and avg of a single field and apply it in chart overlay?

gokikrishnan198
New Member
‎07-19-2018 11:14 PM

index=source sourcetype=type|timechart sum(TotalTime) avg(TotalTime)
Getting a chart below
alt text

Unable to use the clause "over" in timechart command like "timechart sum(TotalTime) over avg(TotalTime) by EM"
Unable to calculate sum if I use stats command. Need assistance Please.

Preview file
30 KB
0 Karma
Reply

adonio
Ultra Champion
‎07-20-2018 05:09 AM

hello there,

maybe use the chart overlay function within your visualization options.
run this search anywhere and follow the screenshot below:

| gentimes start="07/16/2018:00:00:00" end="07/20/2018:10:00:00" increment=15m
| eval total_time= random()%1000
| eval _time = starttime
| timechart span=2h  sum(total_time) as sum_total_time avg(total_time) as avg_total_time

alt text

hope it helps

Preview file
141 KB
0 Karma
Reply

gokikrishnan198
New Member
‎07-22-2018 08:30 PM

Hi @Adonio,

Apologies. I am unable to follow the code that was provided.

Let me explain the thing here again.
If there is a Service A . It takes time to run. Need to calculate average and total time elapsed for the service. Thanks,

0 Karma
Reply

adonio
Ultra Champion
‎07-23-2018 01:52 AM

@gokikirishan, the code is just an example for your use case
the screenshot shows you how to do chart overlay

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...