Is it possible to print a line chart with: line wi...

erabadan · ‎04-06-2017

Hi people!

I'm trying to print a line chart with three values:

value
mean(value) - stdev(value)
mean(value) + stdev(value)

I'm trying this:

stats mean(percentIdle) AS mean, stdev(percentIdle) AS stdev |
eval down= mean-stdev |
eval up= mean+stdev |
timechart first(down) as "min" first(up) as "max" first(percentIdle) as "percentIdle"

And similar variations but nothing works.

Does anyone knows how to do this?

Thank you!

erabadan · ‎04-07-2017

Hi,

that actually didn't give me exactly what i needed, because that prints the mean, the stdev and the eval result, but I fixed it with this:

timechart eval(mean(percentIdle) + stdev(percentIdle)) AS up, eval(mean(percentIdle) - stdev(percentIdle)) AS down, first(percentIdle) as percentIdle

This prints the metric itself, the mean+stdev and the mean-stdev 🙂

Thank you for the reply!

hhGA · ‎04-07-2017

Ah sorry, misread your query. Glad to have helped though.

hhGA · ‎04-07-2017

Hi,

Please can you try the following:

| timechart mean(percentIdle) AS mean, stdev(percentIdle) AS stdev | eval up = mean+stdev, down=mean-stdev

Let me know if you're still having problems.

Is it possible to print a line chart with: line with value, line with mean+stdev and line with mean-stdev?

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...