I have index data like below, and I want to calculate how many have a stock price higher than yesterday.
date, stock, price
20171016, abc, 100
20171016, def, 80
20171015, abc,120
20171015, def, 60
20171014, abc, 100
20171014, def, 70
My search can do that, but is any other better search to do it as well
index=test
| eval nexttime=strftime(relative_time(now(),"-2d") ,"%Y%m%d")
| table *
| where 'date' >= nexttime
| eventstats avg(close) as aa by code
| eval updown = if((close > aa), 1,0)
| table * | where 'date' > nexttime
| addcoltotals
| tail 1| table updown
Also, if i want to do similar function for last 7 day, how can i do it?
Try this!
(your search)
|table date,stock,price
|sort stock,date
|streamstats count by stock
|delta price as diff_price
|eval diff_price=if(count=1,0,diff_price)
Try this!
(your search)
|table date,stock,price
|sort stock,date
|streamstats count by stock
|delta price as diff_price
|eval diff_price=if(count=1,0,diff_price)
yes, it work and better than my search.
but how can i group by date to show how many stock up and down
after your search, if i want to use transaction date , it will so no result found.
Please tell me the output image.
i want some thing like below
date, number of stock raise
20171016 , 1
20171015,1
Should diff_price count the plus?
|stats count(eval(diff_price>0)) as updown by date
thanks it work as what i want, let me spend some time to play with those syntax, i am newbies in splunk