×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
drivernick
Engager
Member since: ‎03-08-2017
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 3
Member Since ‎03-08-2017
Topics I've Started
No posts to display.
View All

Re: How to plot multiple trendlines over multiple ...

by in Dashboards & Visualizations
‎03-08-2017 10:42 AM
3 Karma
‎03-08-2017 10:42 AM
3 Karma
I realize I'm a little late to this thread, but I had a similar issue and thought I might post my answer here for anyone running into the same problem. sourcetype=x ERROR | timechart span=1m count by error_msg limit=100 | untable _time error count | streamstats global=f window=10 avg(count) AS avg_count by error | eval lowerBound=(-avg_count*2) | eval upperBound=(avg_count*2) | eval isOutlier=if('count' < lowerBound OR 'count' > upperBound, "***".count."***", count) | xyseries _time error isOutlier The above code will show you all the data for each error over time, but it will surround outliers with asterisks. If you wanted to only show data when the count is an outlier, you could run the following: sourcetype=x ERROR | timechart span=1m count by error_msg limit=100 | untable _time error count | streamstats global=f window=10 avg(count) AS avg_count by error | eval lowerBound=(-avg_count*2) | eval upperBound=(avg_count*2) | where count < lowerBound OR count > upperBound | xyseries _time error count Again, I know I'm late to the party, but hopefully this will help someone with a similar problem in the future. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from