Splunk Search

    index=Network_data memory_raw!="" | table _time cust_id memory_raw | bin _time span=1d | stats avg(memory_raw) by _time cust_id

akhil36109
New Member

Hello everyone,
In the above command I got the average memory raw per customer for a day (span=1d).
But I need it for the last 14 days, or at least for the last 7 days.

I am trying to use "Snap to" but it is not working. Could you please help me?
Thank you very much!

0 Karma
1 Solution

mayurr98
Super Champion

Hey, you can try something like this. Also, you do not need to add the table command, as it seems unnecessary to me!
For the last 7 days:

    index=Network_data memory_raw!=""  earliest=-7d latest=now |bin _time span=1d | stats avg(memory_raw) by _time cust_id 

for last 14 days

    index=Network_data memory_raw!=""  earliest=-14d latest=now |bin _time span=1d | stats avg(memory_raw) by _time cust_id 

let me know if this helps!

0 Karma
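
An added example, not part of the thread and not Splunk code: this Python simulation mimics `bin _time span=1d | stats avg(memory_raw) count by _time cust_id` over constructed hourly events. It shows why the "Snap to" question matters: an unsnapped `earliest=-14d latest=now` window touches 15 calendar days with partial first and last buckets, while Splunk's snap-to-day modifiers (`earliest=-14d@d latest=@d`) give 14 full days. Function names, the sample customer and naive local-time datetimes are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DAY = timedelta(days=1)

def snap_to_day(t):
    """Equivalent of the @d snap: truncate a timestamp to midnight."""
    return t.replace(hour=0, minute=0, second=0, microsecond=0)

def daily_avg(events, earliest, latest):
    """Keep events with earliest <= _time < latest, bucket them per day,
    and return {(day, cust_id): (average, sample_count)}."""
    acc = defaultdict(list)
    for t, cust_id, memory_raw in events:
        if earliest <= t < latest:
            acc[(snap_to_day(t), cust_id)].append(memory_raw)
    return {k: (sum(v) / len(v), len(v)) for k, v in sorted(acc.items())}

def constructed_events(now, days=16):
    """Constructed sample data: one event per hour for one customer,
    with memory_raw equal to the hour of day (so a full day averages 11.5)."""
    t = snap_to_day(now) - days * DAY
    events = []
    while t < now:
        events.append((t, "cust_A", float(t.hour)))
        t += timedelta(hours=1)
    return events

NOW = datetime(2024, 3, 15, 10, 30)   # constructed "now", mid-morning
EVENTS = constructed_events(NOW)

def unsnapped(days=14):
    """Window like earliest=-14d latest=now: starts mid-day, ends mid-day."""
    return daily_avg(EVENTS, NOW - days * DAY, NOW)

def snapped(days=14):
    """Window like earliest=-14d@d latest=@d: whole days only."""
    today = snap_to_day(NOW)
    return daily_avg(EVENTS, today - days * DAY, today)

if __name__ == "__main__":
    for label, result in (("unsnapped", unsnapped()), ("snapped", snapped())):
        print(label, "buckets:", len(result))
        for (day, cust_id), (avg, n) in result.items():
            print(f"  {day:%Y-%m-%d} {cust_id} avg={avg:.1f} samples={n}")
```

The sample count per bucket is what exposes the partial days; adding `count` to the `stats` call in the real search gives the same check.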

akhil36109
New Member

Thank you!
Ya bro, now I got each day's avg(memory_raw) for the last 14 days for each cust_id.

My question is:

Can I take this data and feed it to the Machine Learning Toolkit and predict the numeric fields, which is avg(numeric_raw), for the next 10 days?

0 Karma

mayurr98
Super Champion

Yes you can, if you have expertise in which algorithm to use and how to feed this into the Machine Learning Toolkit.
I do not know how to feed it to the ML Toolkit as I do not have experience with ML.
And if you do not know how to do it, then I suggest you open a new ticket and ask a question about how to feed this search query to the ML Toolkit. Also search on Splunk Answers to see whether your requirement is already there or not!

let me know if this helps!

0 Karma

akhil36109
New Member

Thank you bro, you helped me a lot, but I think I need to learn ML.

0 Karma

493669
Super Champion

Have you tried changing the time range to "Last 7 days"?

0 Karma