Hello all,

I have a line chart that is built similarly to the splunk article title "Finding and removing outliers" (not enough karma to post the link.....). In any case, I have a bunch of outliers that are defined by the isOutlier eval statement. I would like some method to outline these on the blue CON line a bit better. As you can see, as you drag the mouse across the chart, I have it set so it will provide insight of all the different data at that time frame. The bottom orange line spikes to 1 if there is an outlier above the upper line, or if it is below the lowerl line.

Is there some way to highlight the CON value in a different color or something where these outliers exist?

How do I create a drilldown so that when someone clicks on the data point that a search is run to show all the events at the time where the data point was?

index=data sourcetype=json
| bin _time span=5m
| streamstats count(seen.indicator) as "Count" by seen.indicator _time
| eventstats avg(Count) as "newAVG" by seen.indicator
| eventstats stdev(Count) as "newSTD" by seen.indicator
| eventstats count(seen.indicator) as "Temp" by seen.indicator _time
| eval upper = newAVG+(newSTD*1.2)
| eval lower = newAVG-(newSTD*1.2)
| eval isOutlier=if(Temp < lower OR Temp > upper, 1, 0)
| timechart span=5m values(Temp) as CON, eval(values(upper)) as upperl, eval(values(lower)) as lowerl, eval(values(isOutlier)) as Outliers by seen.indicator usenull=f useother=f
| filldown