Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About richard_bragg
richard_bragg
New Member
Member since:
05-29-2020
06-05-2020
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 05-29-2020 |
Activity Feed
- Posted Re: How to plot line graph against average over different time periods? on Splunk Search. 06-04-2020 02:43 AM
- Posted Re: How to plot line graph against average over different time periods? on Splunk Search. 06-04-2020 02:24 AM
- Posted Re: How to plot line graph against average over different time periods? on Splunk Search. 06-03-2020 06:37 AM
- Posted Re: How to plot line graph against average over different time periods? on Splunk Search. 06-03-2020 06:19 AM
- Posted Re: How to plot line graph against average over different time periods? on Splunk Search. 06-03-2020 04:50 AM
- Posted Re: How to plot line graph against average over different time periods? on Splunk Search. 06-03-2020 04:42 AM
- Posted Re: How to plot line graph against average over different time periods? on Splunk Search. 06-02-2020 09:34 AM
- Posted How to plot line graph against average over different time periods? on Splunk Search. 05-29-2020 02:59 AM
- Tagged How to plot line graph against average over different time periods? on Splunk Search. 05-29-2020 02:59 AM
- Tagged How to plot line graph against average over different time periods? on Splunk Search. 05-29-2020 02:59 AM
- Tagged How to plot line graph against average over different time periods? on Splunk Search. 05-29-2020 02:59 AM
- Tagged How to plot line graph against average over different time periods? on Splunk Search. 05-29-2020 02:59 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
06-04-2020
02:43 AM
Well the data is pretty simple, one file per Netcool and the lines in the log have time stamp and a number of numeric values one of which is a count of inserts.
But isn't earliest part of Splunk limiting how far back the search can go?
This all works nicely in the Pivot editor but not run as a report so there must be something in the editor that obeys the data picker that's ignored in the report.
What we are trying to highlight is where the inserts are outside a range around the 30 day average, that is if inserts are outside 50-150% of the average. If too low for an extended period possible data feed issue, if too high we could be seeing a data flood that if maintained could bring system down.
... View more
06-04-2020
02:24 AM
Thanks but this leads to
Error in 'PivotProcessor': Error in 'PivotCell': The dataset 'RootObject' has no field 'earliest=-4h'.
I'm going to see what I can play with. Just still getting used to terms etc.
... View more
06-03-2020
06:37 AM
Editing DataModel to use acceleration gives
You can only accelerate data models that include at least one event-based dataset or one search-based dataset that does not include streaming commands.
... View more
06-03-2020
06:19 AM
I tried this in the Search app and get
Error in 'DataModelCache': Invalid or unaccelerable root object for datamodel
The search job has failed due to an error. You may be able view the job in the Job Inspector.
... View more
06-03-2020
04:50 AM
Adding as comment to attach examples.
Pivot editor
Run report
... View more
06-03-2020
04:42 AM
This is what I get saving pivot as a report using the interface. So it's generated by Splunk.
If I view in the Pivot editor I can see two lines and it all looks fine, I can change the time period and the graph follows that selection.
If I run in Report it's all fixed at 30 days regardless of the TimePicker.
... View more
06-02-2020
09:34 AM
Well this chart will (if usable) fit to an existing dashboard but that bit maybe irrelevant.
This is my data model
index = "tivoli_omnibus_prod" sourcetype=objsvr_stats_log source=CVM_AGG earliest=-30d@d | eventstats avg(Status_Inserts) as Inserts by Omnibus | eval percstat=(100*(Status_Inserts/Inserts))-100
I know the "earliest" statement is fixing date range.
Then into this report
| pivot Netcool_Insert_Model RootObject avg(percstat) AS "Compare to 30 day average" SPLITROW _time AS _time PERIOD auto SPLITCOL Omnibus SORT 0 _time ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 100 SHOWOTHER 0
Is this the right way to go about things? Where does your logic fit?
... View more
05-29-2020
02:59 AM
We have a set of logs from different hosts that specify a metric. I want to display a line graph over a user-selectable time period that plots the metric as a percentage difference from the 30 day average for each host.
That is to get the 30 day average for each host then plot (metric/average)*100)-100. This would mean that 80% would plot as -20, 100% as 0, 120% as 20, and so on. Additionally, we would like to highlight where the value falls outside -50 - 50. The next stage would be to alert if the value is outside the -50 to 50 more than the last, say 20 mins.
What we are looking for is to spot where the metric is larger than average for an extended period (flood condition) or lower (drought). The range could change.
I'm new to Splunk so I don't really know exactly where to start.
I can get the graph to work with averaging in the same period as plotting. It's having the average over a different time period. Hosts are selected by a pattern so would be dynamic (host matching pattern CVM_AGG). We may extend this to either a second query BUS_AGG or merge the two _AGG. Since we are using percentage against average they will scale the same.
... View more
Labels
- Labels:
-
chart
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
