Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How we can create a line chart with the area between max and min value filled with color ?

Real_captain
Path Finder
‎10-17-2024 12:53 AM

HI 
I want to know if it is possible to have a line chart with the area between max and min value filled with color. 

Example : 
For the below chart , we will be having 2 more new lines ( Max and Min) and we would like to have color filed in the area between Max and Min lines. 

Real_captain_0-1729151544873.png

Current Query to generate the 3 lines : 
| table Start_Time CurrentWeek "CurrentWeek-1" "CurrentWeek-2" 

2 more lines ( Max and Min ) needs to be added in the above linechart and fill the color between max and min. 

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-21-2024 09:58 AM

You could try something like this

| eventstats min(CurrentWeek) as lower max(CurrentWeek) as upper min(CurrentWeek-1) as lower1 max(CurrentWeek-1) as upper1 min(CurrentWeek-2) as lower2 max(CurrentWeek-2) as upper2
| eval lower=min(lower, lower1, lower2), upper=max(upper, upper1, upper2)
| fields - lower1 upper1 lower2 upper2
| eval _lowerrate="lower", _upperrate="upper", _predictedrate="CurrentWeek"
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-17-2024 01:19 AM

Hi @Real_captain ,

you could try using the area charts and eventually using white for the min area so it seems that it's coloured only the difference between min and max.

Ciao.

Giuseppe

0 Karma
Reply

Real_captain
Path Finder
‎10-21-2024 08:09 AM

Hi @gcusello  
How can we select white for the min area in area chart. 

Which option to select ?? 

Real_captain_0-1729523266661.png

 

Real_captain_1-1729523343224.png

 

 

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-25-2024 03:13 AM

Hi @Real_captain ,

these are the options to define colours of the areas:

<option name="charting.legend.labels">[YES,NO,UND]</option>
<option name="charting.seriesColors">[0xff3f31,0x0dc681,0xe1dfdf]</option>

you have to insert the values in the first option and the colours in the second one.

Ciao.

Giuseppe

0 Karma
Reply

dural_yyz
Builder
‎10-21-2024 09:06 AM

I would suggested a stacked bar chart and leave min/max/curr/curr-1/curr-2 as chart overlays but I don't know if that would solve your problem.

Stack the below-min(white) / between_max_min(shaded) / above-min(white).  Calculate the above min as some percentage above overall max value ie. overall_max=max(all_numbers)x1.25

It's the only way I can think to get the below min value as white - but I think that also violates some of the other things you were asking for.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...