I've read many posts on the subject of displaying an average line across a chart. But I can't find a solution that doesn't require performing the search twice, as in a join. This seems like a real common problem based on the number of similar posts. So my question is can you display the average somehow over the chart of discrete values without the extra search?
The search looks like
index=.. search params earliest=-1h | timechart span=1m cont=f avg(DPS) as DocsPerSec
So my table data looks like this:
time DocsPerSec
9:23 120
9:24 (null)
9:25 1545
9:26 756
So what I'm looking for is a column chart for the individual data points, and the average of all data points for the entire time. It's like having a span value of 1m for the discrete data and a span value of 1h for the average. I know the trendline can produce a running average, but that's not the same thing.
Maybe it's not possible because the average isn't known until all time has been processed? I think I could use the search in a post process event in a dashboard to get a single value for the average - to be displayed elsewhere. Maybe that's the best bet.
↧