Hello,
I am trying to represent the change in error for ~30,000 inputs over time. Not all inputs are updated routinely (e.g., some are updated multiple times a day, while others are updated every other day, etc.). I would like to plot over time the latest available data for each input (so not restricted to the time, rather from the beginning of time up until the edge of the current bin). I can think of it as charting the result of the dedup command over time.
E.g.: input=rows, time=columns, >0.5 is a failure (excluded), '-' means no input that day
    d1  d2  d3  d4
I1: 0.7 -   0.3 0.4
I2: 0.3 0.6 0.4 -
I3: 0.5 -   0.2 0.6
Would produce a plot of values:
     d1 d2 d3 d4
I1:  0  0  1  1
I2:  1  0  1  0
I3:  1  1  1  0
sum: 2  1  3  0
I have been trying to use the streamstats function, but haven't been successful:
index=test_index3 max_err="*" | bin _time span=1d | dedup name, path
| streamstats sum(eval(max_err<0.05 AND max_err>-0.05)) as data, count as total by block
| eval percent=round(data/total*100,3)
| timechart max(percent) as data by block
The data is of the form "...name=some_name,path=some_path,block=some_block,max_err=0.043,...", etc.
Any help would be appreciated. Thanks.
Try this
index=test_index3 max_err="*" | bin _time span=1d | dedup name, path
| eventstats count as total by block | where max_err<0.05 AND max_err>-0.05
| streamstats sum(max_err) as data by block
| eval percent=round(data/total*100,3)
| timechart max(percent) as data by block
I want a sum of all the errors that are +/- 5% from the beginning of time until a given point, subtracting duplicates (i.e., only consider the latest data).
So, the bins on the chart would look something like {(-infty,-10), (-infty,-9), ..., (-infty, today)}, each plotting the total number of 'okay' entries, using the latest data for each unique entry up until the related day.
Per day you want to sum up everything OR for a given day plot the latest data for that day for an input?
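The calculation described in the follow-up above (for each day, count the inputs whose latest max_err seen so far is within +/-0.05, per block), written out in Python as an added example that is not part of any post in this thread. The events are constructed; the field names follow the question's name/path/block/max_err, and it assumes events arrive in time order and that an input never changes block.

```python
from collections import defaultdict

THRESHOLD = 0.05  # same +/-0.05 band as the searches in the thread

# Constructed sample events in time order: (day, name, path, block, max_err)
EVENTS = [
    (1, "n1", "/a", "blkA", 0.07),
    (1, "n2", "/b", "blkA", 0.03),
    (1, "n3", "/c", "blkB", 0.08),
    (1, "n3", "/c", "blkB", 0.01),   # second update on the same day wins
    (2, "n2", "/b", "blkA", 0.06),   # n2 goes from okay to failing
    (3, "n1", "/a", "blkA", -0.02),
    (3, "n2", "/b", "blkA", 0.04),
    (4, "n3", "/c", "blkB", 0.09),
]

def ok_counts_by_day(events, days):
    """Return {block: [okay count per day]} using each input's latest value so far."""
    by_day = defaultdict(list)
    for ev in events:
        by_day[ev[0]].append(ev)

    blocks = sorted({ev[3] for ev in events})
    latest_ok = {}               # (name, path) -> was the last seen value okay?
    running = defaultdict(int)   # block -> inputs currently okay
    series = defaultdict(list)

    for day in days:
        for _, name, path, block, max_err in by_day.get(day, []):
            key = (name, path)
            ok = -THRESHOLD < max_err < THRESHOLD
            # Apply only the change in this input's status, so an input is
            # never counted twice and days without an update carry forward.
            running[block] += int(ok) - int(latest_ok.get(key, False))
            latest_ok[key] = ok
        for block in blocks:
            series[block].append(running[block])
    return dict(series)

if __name__ == "__main__":
    for block, counts in ok_counts_by_day(EVENTS, range(1, 5)).items():
        print(block, counts)
```

The per-input status change accumulated here is the quantity a running sum over time has to track; a plain per-day dedup drops inputs that were not updated that day.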