Solved: How to write a search to compare and find the diff...

dhavamanis · ‎12-03-2014

We have the below splunk query to get the availability report. How to compare monthly availability results? Example: the month of October availability percentage is 99% and November is 95%. How to get the variation difference. can you please provide the query to show the variation of results between months or over the period.

index="idxweblog" c=cnbc | eval Count5xx=if(status like "5%",1,0) | stats sum(Count5xx) as Count5xx count(status) as Total | eval AvailablePercentage=(Total - Count5xx)*100/Total | table AvailablePercentage

lguinn2 · ‎12-03-2014

You could try

index="idxweblog" c=cnbc 
| eval month = strftime(_time,"%m")
| eval Count5xx=if(status like "5%",1,0) 
| stats sum(Count5xx) as Count5xx count(status) as Total by month
| eval AvailablePercentage=(Total - Count5xx)*100/Total 
| delta AvailablePercentage as Difference

View solution in original post

lguinn2 · ‎12-03-2014

You could try

index="idxweblog" c=cnbc 
| eval month = strftime(_time,"%m")
| eval Count5xx=if(status like "5%",1,0) 
| stats sum(Count5xx) as Count5xx count(status) as Total by month
| eval AvailablePercentage=(Total - Count5xx)*100/Total 
| delta AvailablePercentage as Difference

aholzer · ‎12-03-2014

Have you looked at the "delta" command?

dhavamanis · ‎12-03-2014

can you provide some sample?

How to write a search to compare and find the difference between monthly results over a period of time?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life