Solved: how to add a horizontal line to a column/bar chart

myli12 · ‎01-28-2013

I want to draw a horizontal line across the following column time chart made out of a saved search

| timechart span=1mon avg(numDropPkt) as avgDrop BY host

Adding " |eval threashold = 100" gave me a few more column bars of value 100 (and the number of newly added columns is equal to the number of months searched), not a horizonal line.

The following link asked the same question, but the answer is very high level.

http://splunk-base.splunk.com/answers/71142/horizontal-line-in-flash-bar-chart

tfletcher_splun · ‎02-04-2013

http://splunk-base.splunk.com/answers/9053/example-of-chart-overlay

There is an answer for how to do it with a flashchart. It cannot be done with a JSChart.

View solution in original post

tfletcher_splun · ‎02-04-2013

http://splunk-base.splunk.com/answers/9053/example-of-chart-overlay

There is an answer for how to do it with a flashchart. It cannot be done with a JSChart.

tfletcher_splun · ‎02-04-2013

This is how to format for charting use. You still need to have the data as results from your search be it from an append or from an eval.

lguinn2 · ‎01-28-2013

Try this:

yoursearchhere
| append [ sourcetype=yoursourcetype  | addinfo | where _time >= info_min_time AND time <= info_max_time
    | eval numDropPkt = 100 | eval host="Threshold" ]
| timechart span=1mon avg(numDropPkt) as avgDrop by host

BTW, the only purpose of the sourcetype=yoursourcetype is to obtain some events to transform into the values that I want. Any sourcetype would work if it has at least one event per month over the duration that you are searching - and fewer events would be better.

myli12 · ‎02-07-2013

Thank you very much for your willingness to help. There is still no line show in the column graph. I am not sure why the table view tab, as I'd like a graph rather than a table report. And also since I do not understand the logic behind the script, I cannot really test/twist your script to fit my data. It could be just I did not use your script correctly.

lguinn2 · ‎02-06-2013

Try this

And look at the Table View tab.

rabitoblanco · ‎03-27-2015

I am trying to do a similar thing here-- simply draw a line across my graph showing a "full_capacity" line.
I've tried
mysearch | eval capacity=100 | stats max(capacity) to no avail.
Also capacity=tonumber(100) is no different.
A new way to do this?
Alternatively, to clearly label the top of my chart's Y-axis? Choosing the value in the dashboard UI doesn't label the top.

Thanks!

myli12 · ‎02-05-2013

It was 9 in one example but can vary.

lguinn2 · ‎02-05-2013

How many hosts are you trying to show in this chart?

myli12 · ‎02-04-2013

Thanks! I tried the scripts and ensured "sourcetype=yoursourcetype" has events per month, however, there is no horizontal line showing up in the chart.

how to add a horizontal line to a column/bar chart

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!