Hi team!
I want to compare last week with avg last three months.
This is my code right now. I need some help pls.
sourcetype="sophos*" * severity=high earliest=-90d@d
| timechart span=1month count
| timewrap month series=short
| eval mean=(s1+s2)/2
| where s0 < mean | table s0 mean | rename s0 AS "Last Week" mean AS "Avg last 3 months"
Cuold you give me some advice pls?
Thank you a lot.