source=DAM_DB_SUMMARY_REPORT | eval Date=substr(DATES,1,10) | stats sum(TOTAL_RECORDS) as "Total Records" by Date | sort - Date
i would like to insert one column that should be DIFF and calculation should be subtraction ( Row 1 - row 2) row 1 value us 797,775 and row 2 value is 797,774 so 3rd new column value should be 1. and also we need % in 3rd column 1/797,775 (diff/1st row count)
I thought this for sure was going to be a streamstats answer, but instead it's far easier to use delta.
You should be able to just add | delta "Total Records"
to the end of your search, like
source=DAM_DB_SUMMARY_REPORT | eval Date=substr(DATES,1,10) | stats sum(TOTAL_RECORDS) as "Total Records" by Date | sort - Date | delta "Total Records"
Can you give that a go and report back?
Happy Splunking!
Rich
I thought this for sure was going to be a streamstats answer, but instead it's far easier to use delta.
You should be able to just add | delta "Total Records"
to the end of your search, like
source=DAM_DB_SUMMARY_REPORT | eval Date=substr(DATES,1,10) | stats sum(TOTAL_RECORDS) as "Total Records" by Date | sort - Date | delta "Total Records"
Can you give that a go and report back?
Happy Splunking!
Rich
thanks a lot
sorry it was very simple i have got this after posting here forgot to upfdate