Solved: Bar + line in chart?

robingg · ‎05-14-2020

I have two types of events, where the important data looks like this:

[
  {
    "acknowledged": false,
    "time": 1588289278000,
  },
  {
    "acknowledged": {
      "time": 1588232449000,
      "username": "admin"
    },
    "time": 1588145193000,
  }
]

Per day, I want a bar chart of the count of the events that contains an acknowledge object. I also want to plot a line that contains the average acknowledgement time (acknowledged.time - time).

adonio · ‎05-14-2020

write your query that calculates the average acknowledgement time and the count of events over time then when using the bar chart, click edit and use chart overlay. pick the desired field as overlay line over the bar

View solution in original post

adonio · ‎05-14-2020

write your query that calculates the average acknowledgement time and the count of events over time then when using the bar chart, click edit and use chart overlay. pick the desired field as overlay line over the bar

robingg · ‎05-15-2020

Thanks. Solved the problem

Bar + line in chart?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation