Considering data like this
week1: value=1
week2: value=2
week3: value=3
week4: value=4
How do I create a time chart with the total value over time? The expected result:
week1: total=1
week2: total=3 (week1+week2)
week3: total=6 (week1+week2+week3)
week4: total=10 (week1+week2+week3+week4)
Or a time chart with the average value over time:
week1: avg=1 (1/1)
week2: avg=1.5 (3/2)
week3: avg=2 (6/3)
week4: avg=2.5 (10/4)
The current timechart command, as far as I know, only counts data for each timeslot; what I really want to do is logic like this:
for each time in timeline
search _time<time.latest sum(value) by whatever
I tried to use gentimes and map, or append; all failed. Please help.
I've used streamstats before to do this
http://docs.splunk.com/Documentation/Splunk/6.0/SearchReference/Streamstats
Unfortunately I don't have access to my Splunk box with the working search on until later.
I'll post the query I used, but I used the examples from the Splunk documentation to build it.
HTH, Keith
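
A streamstats search along the lines the answer points to, as an added example; it is not the query Keith refers to and not taken from the Splunk documentation. The index and sourcetype names are placeholders, `value` is the field from the question, and `weekly_value` is a name chosen here.

```spl
index=example_index sourcetype=example_weekly
| timechart span=1w sum(value) as weekly_value
| fillnull value=0 weekly_value
| streamstats sum(weekly_value) as total, avg(weekly_value) as avg
| fields _time, total, avg
```

timechart produces one row per week, and streamstats then accumulates over those rows in order, so the question's data gives total=1, 3, 6, 10 and avg=1, 1.5, 2, 2.5. The fillnull step makes a week with no events count as 0 in the running average; without it streamstats skips that week's empty value and divides by fewer weeks.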