Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to find the value where the two lines meet (line chart)

zoe
Path Finder
‎05-24-2024 12:36 AM

Hi

I have the table

x, y1, y2 and plot them in the line chart. how can I find the value where the two lines cross ?

zoe_0-1716535899930.png

 

Labels (1)
Labels
0 Karma
Reply

emdaax
Explorer
‎05-27-2024 09:03 AM

Hi @zoe,

building on previous suggestions from "gcusello & tscroggins" , especially that sometimes y1 and y2 might not be exactly equal but rather close to each other, I would use the following method to find the closest intersections:

| eval diff=abs(y1 - y2)
| sort diff
| head 1
| table _time, y1, y2, diff


From there, you can use another diff (if needed) to calculate the actual difference between the numbers stored in the y1 and y2 fields.

Search Ref:

 

best regards,

0 Karma
Reply

tscroggins
Influencer
‎05-27-2024 11:32 AM

That will give you one solution, but the other is more generalized:

| makeresults count=100
| streamstats count
| eval count=count-1
| rename count as x
| eval y1=pow(x-50, 2)+25, y2=-pow(x-30, 2)+1000
| table x y1 y2
``` end sample data ```
| eval dy=y2-y1
| autoregress dy
| where dy==0 OR abs(dy)/dy!=abs(dy_p1)/dy_p1
| fields - dy dy_p1
xy1y2
21866919
60125100

 

If we find the intersections outside Splunk we get:

x ~ 20.315, y ~ 906.2
x ~ 59.685, y ~ 118.8

0 Karma
Reply

tscroggins
Influencer
‎05-27-2024 07:18 AM

Hi @zoe,

Building on @gcusello's response, you can find the intersections by looking for sign changes in dy:

| eval dy=y2-y1
| autoregress dy
| where dy==0 OR abs(dy)/dy!=abs(dy_p1)/dy_p1
| fields - dy dy_p1

The selected point depends on the sort order of the data.

You can use this alone or as part of an annotation search in a dashboard.

We don't know the functions that generated the lines, and we're not performing a regression, but this provide a quick estimation.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-24-2024 12:42 AM

Hi @zoe ,

after a chart there's always a search and some results.

probably you have a search like the following:

<your_search>
| timechart count BY key

wher key has two values (value1 and value2)

so you have to run a search like the following:

<your_search>
| timechart count BY key
| where value1=value2

I could be more detailed, if you could share your search (in text mode, non screenshot!).

Ciao.

Giuseppe

 

0 Karma
Reply

zoe
Path Finder
‎05-24-2024 12:51 AM

Hi Giuseppe,

 

thanks for the quick reply. 

I do not have timechart. I have a table with the fields like x, y1, y2. If I plot x-y1 and x-y2 in line chars, there two lines cross. I need the value on the  y1 line is the same like that on the y2 line.   

| where value1=value2

 This solution would not work, because y1 and y2 do not have the same field values. I need to find the cross of there two artifical lines. 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-24-2024 01:18 AM

Hi @zoe ,

even if you don't use timechart, I suppose that you are charting two fields value (y1 and y2), you have to compare the two fields in the where condition.

| where y1=y2

or, if they are similar but ton the same:

| where y1-y2<1 OR y2-y1<1

whwre 1 is the sensibility you want to use in your search.

Ciao.

Giuseppe

 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...