Show trendline of average of values for 1hour as o...

deepthi5 · ‎10-18-2016

Hi ,

I have one graph which shows the response times for every second
source="C:\Ping\" index="ping" sourcetype="pingstats" | rex field=source "(?.?)$" |lookup pinglookup.csv country OUTPUT router DestinationIP |search router=waterloo|chart values(RTT) as RTT by _time,router|fillnull value=0

I have another graph which shows the trend of the average of the response times for one hour
source="C:\Ping\" index="ping" sourcetype="pingstats" | rex field=source "(?.?)$" |lookup pinglookup.csv country OUTPUT router DestinationIP |search router=waterloo | bucket _time span=1h | stats avg(RTT) AS avg_value by _time | trendline sma5(avg_value) as trend

How can i combine both and get a graph i have used appendcols but the graph looks odd

attaching the screen shot

sundareshr · ‎10-18-2016

Try this

source="C:\\Ping\*" index="ping" sourcetype="pingstats" | rex field=source "(?.*?)$" | lookup pinglookup.csv country OUTPUT router DestinationIP | search router=waterloo | chart values(RTT) as RTT by _time,router | fillnull value=0 | addtotals | trendline sma5(Total) as Trend | fields - Total

Show trendline of average of values for 1hour as overlay graph on main graph

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?