Graphing network I/O over _time on a timechart, ho...

angelacb · ‎01-20-2015

I'm graphing out network I/O over _time on a timechart (Area Chart). Is there any easy way to have an overlay to highlight a specific period in _time? For instance, if I have a constant value of "6", it would highlight "YYYY-mm-06 00:00:00" to "YYYY-mm-06 23:59:59" sections on the graph output (top to bottom regardless of the max-values of network I/O) whenever the _time contains the day value of "6"?

thomrs · ‎01-21-2015

You could use a case statement on the day field to add a new. field with a value just for that day and add that value to your your graph. Then use use splunks native overlay to display the line.

index = _*  |  eval hr=strftime(_time, "%H")| eval hl=case(hr==12, -1 ) | timechart span=15m   dc(sourcetype), max(hl)

There are a number of D3 viz hat might work to, need some JavaScript skill to go that way.

Graphing network I/O over _time on a timechart, how to create an overlay to highlight a specific period in _time value?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Are you a member of the Splunk Community?

Graphing network I/O over _time on a timechart, how to create an overlay to highlight a specific period in _time value?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...