Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Could I draw timechart with prediction line without "predict" command ?

leo_wang
Path Finder
‎01-03-2017 02:09 AM

Hi,
As. title.
I know I could use "predict" command to predict the value of my data.
But I have some data which are coming from "R" script, and already have prediction value in it.

How could I draw the timechart digram with prediction line by timechart command for those data ?
( attached picture for example )

alt text

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎01-03-2017 06:00 AM

In Splunk you can get close to above visualization using Chart Overlays and charting.lineDashStyle . However, for applying Dash line style you will have to change the graph to Area or Column (not line chart or your main field will also pick the same style)

Step 1
If you have got the three fields (field1, field2, field3) to plot the series, you can feed them to timechart for example

 <your base search>
| timechart sum(field1) as PredictField sum(field2) as Upper95 sum(field3) as Lower95

(Above is just an example, you should use field names and statistical command according to your need.)

Step 2
You then edit the Chart and change Upper95 and Lower95 fields as overlayFields by editing Chart Panel or through Simple XML

 <option name="charting.chart.overlayFields">Upper95,Lower95</option>

Step 3
Finally, add the charting.lineDashstyle option in Simple XML by editing the source.

  <option name="charting.lineDashStyle">shortDash</option>

Refer to Charting reference for lineDashStyle property: http://docs.splunk.com/Documentation/Splunk/latest/Viz/ChartConfigurationReference

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

niketn
Legend
‎01-03-2017 06:00 AM

In Splunk you can get close to above visualization using Chart Overlays and charting.lineDashStyle . However, for applying Dash line style you will have to change the graph to Area or Column (not line chart or your main field will also pick the same style)

Step 1
If you have got the three fields (field1, field2, field3) to plot the series, you can feed them to timechart for example

 <your base search>
| timechart sum(field1) as PredictField sum(field2) as Upper95 sum(field3) as Lower95

(Above is just an example, you should use field names and statistical command according to your need.)

Step 2
You then edit the Chart and change Upper95 and Lower95 fields as overlayFields by editing Chart Panel or through Simple XML

 <option name="charting.chart.overlayFields">Upper95,Lower95</option>

Step 3
Finally, add the charting.lineDashstyle option in Simple XML by editing the source.

  <option name="charting.lineDashStyle">shortDash</option>

Refer to Charting reference for lineDashStyle property: http://docs.splunk.com/Documentation/Splunk/latest/Viz/ChartConfigurationReference

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...