Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to print a line chart with: line with value, line with mean+stdev and line with mean-stdev?

erabadan
Engager
‎04-06-2017 08:49 AM

Hi people!

I'm trying to print a line chart with three values:

  • value
  • mean(value) - stdev(value)
  • mean(value) + stdev(value)

I'm trying this:

stats mean(percentIdle) AS mean, stdev(percentIdle) AS stdev |
eval down= mean-stdev |
eval up= mean+stdev |
timechart first(down) as "min" first(up) as "max" first(percentIdle) as "percentIdle"

And similar variations but nothing works.

Does anyone knows how to do this?

Thank you!

0 Karma
Reply

erabadan
Engager
‎04-07-2017 03:02 AM

Hi,

that actually didn't give me exactly what i needed, because that prints the mean, the stdev and the eval result, but I fixed it with this:

timechart eval(mean(percentIdle) + stdev(percentIdle)) AS up, eval(mean(percentIdle) - stdev(percentIdle)) AS down, first(percentIdle) as percentIdle

This prints the metric itself, the mean+stdev and the mean-stdev 🙂

Thank you for the reply!

0 Karma
Reply

hhGA
Communicator
‎04-07-2017 05:06 AM

Ah sorry, misread your query. Glad to have helped though.

0 Karma
Reply

hhGA
Communicator
‎04-07-2017 01:48 AM

Hi,

Please can you try the following:

| timechart mean(percentIdle) AS mean, stdev(percentIdle) AS stdev
| eval up = mean+stdev, down=mean-stdev

Let me know if you're still having problems.

Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...