Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Howto Add Annotations to a Graph?

muebel
SplunkTrust
SplunkTrust
‎07-12-2010 12:59 PM

I have a line graph that charts the consumed disk capacity for many hosts. It is very nice for giving a rough idea of the trends, and if I hover over the line at a specific point in time, I can get the capacity value at that time.

How would I be able to make a permanent marker or annotation at obvious points of interest? For instance, a 4% or %5 jump in consumed disk?

Reply
1 Solution
Solved! Jump to solution
Solution

Paolo_Prigione
Builder
‎07-12-2010 02:27 PM

Hi muebel, I fear right now it is not possible: the "annotation" charts have not yet been implemented and on the module reference I can see no config for sticking permanent labels.

Moreover "obvious" points of interests should be something you have to help splunk figure out. A workaround could be to timechart something like the following, which might help you spot out potential issues:

| bucket _time span=1h | stats count(_raw) as c by _time,host | delta c as delta p=1 | eval perc_variation = round((delta * 100 / (c - delta)),1) | eval abs_variation=abs(perc_variation) | where abs_variation > 5 | fields host, c, perc_variation

View solution in original post

Reply
Solved! Jump to solution
Solution

Paolo_Prigione
Builder
‎07-12-2010 02:27 PM

Hi muebel, I fear right now it is not possible: the "annotation" charts have not yet been implemented and on the module reference I can see no config for sticking permanent labels.

Moreover "obvious" points of interests should be something you have to help splunk figure out. A workaround could be to timechart something like the following, which might help you spot out potential issues:

| bucket _time span=1h | stats count(_raw) as c by _time,host | delta c as delta p=1 | eval perc_variation = round((delta * 100 / (c - delta)),1) | eval abs_variation=abs(perc_variation) | where abs_variation > 5 | fields host, c, perc_variation
Reply
Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...