Show trendline of average of values for 1hour as o...

deepthi5 · ‎10-18-2016

Hi ,

I have one graph which shows the response times for every second
source="C:\Ping\" index="ping" sourcetype="pingstats" | rex field=source "(?.?)$" |lookup pinglookup.csv country OUTPUT router DestinationIP |search router=waterloo|chart values(RTT) as RTT by _time,router|fillnull value=0

I have another graph which shows the trend of the average of the response times for one hour
source="C:\Ping\" index="ping" sourcetype="pingstats" | rex field=source "(?.?)$" |lookup pinglookup.csv country OUTPUT router DestinationIP |search router=waterloo | bucket _time span=1h | stats avg(RTT) AS avg_value by _time | trendline sma5(avg_value) as trend

How can i combine both and get a graph i have used appendcols but the graph looks odd

attaching the screen shot

sundareshr · ‎10-18-2016

Try this

source="C:\\Ping\*" index="ping" sourcetype="pingstats" | rex field=source "(?.*?)$" | lookup pinglookup.csv country OUTPUT router DestinationIP | search router=waterloo | chart values(RTT) as RTT by _time,router | fillnull value=0 | addtotals | trendline sma5(Total) as Trend | fields - Total

Show trendline of average of values for 1hour as overlay graph on main graph

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

Show trendline of average of values for 1hour as overlay graph on main graph

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey