Chart Overlay: How to sum and avg of a single fie...

gokikrishnan198 · ‎07-19-2018

index=source sourcetype=type|timechart sum(TotalTime) avg(TotalTime)
Getting a chart below

Unable to use the clause "over" in timechart command like "timechart sum(TotalTime) over avg(TotalTime) by EM"
Unable to calculate sum if I use stats command. Need assistance Please.

adonio · ‎07-20-2018

hello there,

maybe use the chart overlay function within your visualization options.
run this search anywhere and follow the screenshot below:

| gentimes start="07/16/2018:00:00:00" end="07/20/2018:10:00:00" increment=15m
| eval total_time= random()%1000
| eval _time = starttime
| timechart span=2h  sum(total_time) as sum_total_time avg(total_time) as avg_total_time

hope it helps

gokikrishnan198 · ‎07-22-2018

Hi @Adonio,

Apologies. I am unable to follow the code that was provided.

Let me explain the thing here again.
If there is a Service A . It takes time to run. Need to calculate average and total time elapsed for the service. Thanks,

adonio · ‎07-23-2018

@gokikirishan, the code is just an example for your use case
the screenshot shows you how to do chart overlay

Chart Overlay: How to sum and avg of a single field and apply it in chart overlay?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!