Overlays are Logscapes way of allowing you to combine multiple searches in one graph, you are able to overlay multiple graphs of the same, or different types, allowing you to easily extract knowledge and spot trends. In the blow example I'm monitoring Log4j Errors, as well as Unix Load and CPU usage.
* | CPU.avg(_host,AvgCPU) chart(line) * | CPU.max(,Max) chart(line) * | _type.equals(log4j) level.count() level.exclude(INFO) chart(scatter) * | 50pct.max() chart(line) * | 100pct.max() chart(line)
Using overlays you're also able to perform baseline searches, in this example I make use of the offset() function in order to compare my current CPU usage to exactly one hour ago.
cpu | cpu.avg(_host,0h) chart(line) _host.equals(LAB-UK-XS-UB1) cpu | cpu.avg(_host,0h) chart(line) _host.equals(LAB-UK-XS-UB1) offset(1h)
