Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to add a calculated values as threshold in a line chart?

anooshac
Communicator
‎03-28-2022 03:59 AM

Hi everyone,

 I have a line chart of some tasks and its duration. I am trying to add average of the duration of all tasks as threshold.

 

|stats values(duration) as "Duration(Hr)" by Task|sort Task|stats avg(duration) as threshold

 

I am not getting any results from the query.I have previously added threshold as a fixed value. Is there any different method to add a threshold value which is calculated not fixed.

Labels (2)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-28-2022 04:17 AM

Use eventstats

|stats values(duration) as "Duration(Hr)" by Task|sort Task|eventstats avg('Duration(Hr)') as threshold

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-28-2022 04:17 AM

Use eventstats

|stats values(duration) as "Duration(Hr)" by Task|sort Task|eventstats avg('Duration(Hr)') as threshold
0 Karma
Reply
Solved! Jump to solution

anooshac
Communicator
‎03-28-2022 04:25 AM

Thanks!! It is working. Does the aggregate function only work with eventstats?

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-28-2022 04:28 AM

No, the aggregate function works for all the stats and chart commands, eventstats adds the field to the events in the pipeline, whereas stats replaces the events in the pipeline

0 Karma
Reply
Solved! Jump to solution

anooshac
Communicator
‎03-28-2022 04:56 AM

Thank you so much for the info.

Can you please suggest any resources which will help in increasing the Splunk knowledge..

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-28-2022 08:28 AM

Splunk provide various training and certification opportunities

Splunk Training & Certification | Splunk

You can also download and setup trail instances to try things out.

You could look through the answers provided here and other community channels to see how other people have approached various problems.

0 Karma
Reply
Solved! Jump to solution

anooshac
Communicator
‎03-29-2022 09:44 PM

Sure..Thank you so much for the info!!

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...