Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to find the value where the two lines meet (line chart)

zoe
Path Finder
‎05-24-2024 12:36 AM

Hi

I have the table

x, y1, y2 and plot them in the line chart. how can I find the value where the two lines cross ?

zoe_0-1716535899930.png

 

Labels (1)
Labels
0 Karma
Reply

emdaax
Explorer
‎05-27-2024 09:03 AM

Hi @zoe,

building on previous suggestions from "gcusello & tscroggins" , especially that sometimes y1 and y2 might not be exactly equal but rather close to each other, I would use the following method to find the closest intersections:

| eval diff=abs(y1 - y2)
| sort diff
| head 1
| table _time, y1, y2, diff


From there, you can use another diff (if needed) to calculate the actual difference between the numbers stored in the y1 and y2 fields.

Search Ref:

 

best regards,

0 Karma
Reply

tscroggins
Influencer
‎05-27-2024 11:32 AM

That will give you one solution, but the other is more generalized:

| makeresults count=100
| streamstats count
| eval count=count-1
| rename count as x
| eval y1=pow(x-50, 2)+25, y2=-pow(x-30, 2)+1000
| table x y1 y2
``` end sample data ```
| eval dy=y2-y1
| autoregress dy
| where dy==0 OR abs(dy)/dy!=abs(dy_p1)/dy_p1
| fields - dy dy_p1
xy1y2
21866919
60125100

 

If we find the intersections outside Splunk we get:

x ~ 20.315, y ~ 906.2
x ~ 59.685, y ~ 118.8

0 Karma
Reply

tscroggins
Influencer
‎05-27-2024 07:18 AM

Hi @zoe,

Building on @gcusello's response, you can find the intersections by looking for sign changes in dy:

| eval dy=y2-y1
| autoregress dy
| where dy==0 OR abs(dy)/dy!=abs(dy_p1)/dy_p1
| fields - dy dy_p1

The selected point depends on the sort order of the data.

You can use this alone or as part of an annotation search in a dashboard.

We don't know the functions that generated the lines, and we're not performing a regression, but this provide a quick estimation.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-24-2024 12:42 AM

Hi @zoe ,

after a chart there's always a search and some results.

probably you have a search like the following:

<your_search>
| timechart count BY key

wher key has two values (value1 and value2)

so you have to run a search like the following:

<your_search>
| timechart count BY key
| where value1=value2

I could be more detailed, if you could share your search (in text mode, non screenshot!).

Ciao.

Giuseppe

 

0 Karma
Reply

zoe
Path Finder
‎05-24-2024 12:51 AM

Hi Giuseppe,

 

thanks for the quick reply. 

I do not have timechart. I have a table with the fields like x, y1, y2. If I plot x-y1 and x-y2 in line chars, there two lines cross. I need the value on the  y1 line is the same like that on the y2 line.   

| where value1=value2

 This solution would not work, because y1 and y2 do not have the same field values. I need to find the cross of there two artifical lines. 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-24-2024 01:18 AM

Hi @zoe ,

even if you don't use timechart, I suppose that you are charting two fields value (y1 and y2), you have to compare the two fields in the where condition.

| where y1=y2

or, if they are similar but ton the same:

| where y1-y2<1 OR y2-y1<1

whwre 1 is the sensibility you want to use in your search.

Ciao.

Giuseppe

 

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...