Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to make column chart with filter by host and upper bound

mishaaaaaaaaaa
Explorer
‎02-05-2019 01:18 AM

Hi, splunk comunity!
How can i make query which print some info in column chart filtred by hosts and also upper bound line?
I try to do something like this:
....
| eval top=some logic to calculate top value
| timechart sum(someInfo) as "counter" max(top) as "upper bound" by host
....
but i have columns which contains value of upper bound for each host, but not an upper bound line

Tags (1)
0 Karma
Reply

whrg
Motivator
‎02-05-2019 11:20 PM

I believe you are looking for a chart overlay. Check out this page: Chart overlay example (dual axis).

So edit your column chart by clicking on "Format", then on "Chart Overlay" and then select the "upper bound" field.

0 Karma
Reply

vishaltaneja070
Motivator
‎02-05-2019 11:05 PM

@mishaaaaaaaaaa
Can you please explain the requirement again with any snippet if you have?

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...