Splunk Search

Is there any way to overlay vertical lines for event marking in Splunk timecharts?

aramirez_evolut
Engager

Tools such as graphite allow for the concept of "infinity" in charts in order to display vertical lines to be overlayed on charts. These are typically used for marking single events over a continuous sequence, e.g. deployment of new build version to a web server. This allows for users to quickly see how a single type or class of event has caused an inflection in the timechart.

Is there any way to accomplish this same visualization with Splunk timecharts? I find this to be an invaluable feature on other systems and would love for it to be added to Splunk timecharts, if not there already for comparable reporting and analysis.

alt text

hylam
Contributor

You can use javascript/jquery/selector to locate the DOM/SVG object for "16:00", get its x-coordinate, then draw a vertical line using SVG.

Another way would be putting a transparent redVerticalLine.png over the chart.

0 Karma

ibob0304
Communicator

I downvoted this post because wrong assumption. not easy to implement.

0 Karma

lizi_zhu
Engager

I need exactly same function to help visualize release impact on metrics. Do we have any update on this thread?

0 Karma

diogofgm
SplunkTrust
SplunkTrust

You can probably achieve something like that if you do a timechart with the code deploy (e.g. Number of changes for that build) as bars and the warnings as a chart overlay. Doing it like this you would get more information than just with the vertical lines, since you could relate the errors to the amount of changes made to the last build.

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma

aramirez_evolut
Engager

Number of changes in a deployment seems to be a vanity metric, since it doesn't really speak to how profound a change is. Deployments were just one example of a single event with no relevant quantifiable data points to plot on the timechart. Other examples could be things like restarting servers, human workflow CRM steps (email or call sent), or start/end of a promotional campaign. Each of those examples could be pit against other logs with server, application, or KPI data for a holistic report or dashboard.

0 Karma

diogofgm
SplunkTrust
SplunkTrust

Sure, it was just an example on how the vertical lines could be achieved.

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...