I am creating a dashboard to display the current-hour performance of my services, comparing it with the same hour of the previous day and the same hour of the previous week, to see what the performance looks like. I would like to display only the current-hour performance in Green (<30%), Amber (30-50), or Red (>50%) based on the comparison.
index=* sourcetype="*" SourceSystemID="*" ="*" ServiceName="*" ServiceOperationName="*" OR "*" OR "*" OR "*" earliest=-1h@h latest=@h | stats Perc90(ResponseTime) AS TodayLastHour by ServiceOperationName | appendcols [search index=* sourcetype="*" SourceSystemID="*" ="*" ServiceName="*" ServiceOperationName="*" OR "*" OR "*" OR "*" earliest=-25h@h latest=-24h@h | stats Perc90(ResponseTime) AS YesterdayLastHour by ServiceOperationName] | eval percent_difference=((TodayLastHour-YesterdayLastHour)/YesterdayLastHour*100)
Look at my final answer here (in the comments):
https://answers.splunk.com/answers/519872/search-for-same-time-frame-on-the-same-day-of-diff.html#an...