An annotation is generally defined as an explanation or comment; event annotations are new in Splunk version 7.0. With the implementation of this feature, you can now add explanations or context to trends returned by Splunk (time) charts. Splunk event annotations are presented as colored flags that display time stamp information and custom descriptions in labels when you hover your mouse over them, as shown in the example in the following screenshot:
To illustrate how an event annotation could be used, Splunk offers an example where administrators are monitoring machine logs looking for user login errors. There is a Splunk chart that has been created to show login errors over time, and an event annotation has been added to flag the times when the servers are down for maintenance (during that time period).
With the server downtimes annotated, it can easily...