Splunk Search

Is there any way to overlay vertical lines for event marking in Splunk timecharts?

aramirez_evolut
Engager

Tools such as graphite allow for the concept of "infinity" in charts in order to display vertical lines to be overlayed on charts. These are typically used for marking single events over a continuous sequence, e.g. deployment of new build version to a web server. This allows for users to quickly see how a single type or class of event has caused an inflection in the timechart.

Is there any way to accomplish this same visualization with Splunk timecharts? I find this to be an invaluable feature on other systems and would love for it to be added to Splunk timecharts, if not there already for comparable reporting and analysis.

alt text

hylam
Contributor

You can use javascript/jquery/selector to locate the DOM/SVG object for "16:00", get its x-coordinate, then draw a vertical line using SVG.

Another way would be putting a transparent redVerticalLine.png over the chart.

0 Karma

ibob0304
Communicator

I downvoted this post because wrong assumption. not easy to implement.

0 Karma

lizi_zhu
Engager

I need exactly same function to help visualize release impact on metrics. Do we have any update on this thread?

0 Karma

diogofgm
SplunkTrust
SplunkTrust

You can probably achieve something like that if you do a timechart with the code deploy (e.g. Number of changes for that build) as bars and the warnings as a chart overlay. Doing it like this you would get more information than just with the vertical lines, since you could relate the errors to the amount of changes made to the last build.

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma

aramirez_evolut
Engager

Number of changes in a deployment seems to be a vanity metric, since it doesn't really speak to how profound a change is. Deployments were just one example of a single event with no relevant quantifiable data points to plot on the timechart. Other examples could be things like restarting servers, human workflow CRM steps (email or call sent), or start/end of a promotional campaign. Each of those examples could be pit against other logs with server, application, or KPI data for a holistic report or dashboard.

0 Karma

diogofgm
SplunkTrust
SplunkTrust

Sure, it was just an example on how the vertical lines could be achieved.

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...