Splunk 简明教程
Splunk - Overlay Chart
很多时候,我们需要将一个图表放在另一个图表之上,以比较或查看两个图表的趋势。Splunk 通过其可视化选项卡中提供的图表叠加功能支持此功能。若要创建这样的图表,我们需要首先使用两个变量创建一个图表,然后再添加第三个变量来创建叠加图表。
Many times, we need to put one chart over another to compare or see the trend of the two charts. Splunk supports this feature through the chart overlay feature available in its visualization tab. To create such a chart, we need to first make a chart with two variables and then add a third variable which can create the overlay chart.
Chart Scenario
继续前一章中的示例,我们找出不同星期几的文件的字节大小,然后还添加那些天的平均字节大小。下图显示了图表,其中显示了星期中不同天的字节大小与文件的平均字节大小。
Continuing the examples from previous chapter, we find out the byte size of the files on different week days and then also add the average byte size for those days. The below image shows the chart showing the byte size versus average byte size of files on different days of the week.
接下来,我们将向上述搜索查询添加称为标准差的统计函数。这将带来创建图表叠加所需的附加变量。下图显示了查询结果的统计信息,这些信息将用于可视化中。
Next, we are going to add the statistical function called standard deviation to the above search query. This will bring the additional variable needed to create the chart overlay. The below image shows the statistics of the query result which will be used in the visualization.
Creating Chart Overlay
若要创建图表叠加,请按照 Visualization → Format → Chart Overlay 操作。
To create the chart overlay, we follow Visualization → Format → Chart Overlay
这会弹出一个弹出窗口,我们需要在其中选择将成为叠加图表的字段。在本例中,我们选择 stdev(bytes) 作为字段,如下面的图像所示。我们还可以填写其他值:标题、比例及其间隔、最小值、最大值等。对于我们的示例,在为叠加选项选择字段后,我们选择默认值。
This brings up a pop-up window where we need to choose the field which will be the overlay chart. In this case, we choose stdev(bytes) as the field as shown in the image below. We can also fill in other values: title, scale and their intervals, minimum values, maximum values, etc. For our example, we choose the default values after selecting the field for the overlay option.
选择上述选项后,我们可以关闭图表叠加弹出窗口,并看到最终图表,如下所示 −
After selecting the above options, we can close the chart overlay pop-up window and see the final chart as shown below −
