I am new in to splunk and i need to create dashboard with chart which can show average of one field on daily basis and display into chart.
Suppose yesterday average (execution time) for all event is 2.9 seconds
day before yesterday its 2.8 seconds likewise
I need to show a chart for all previous days may be last 1 months/10 days with average in chart.
Below is my query for chart
<title>UI Source Type Trends</title> <chart> <search> <query>index=abc sourcetype="sfdc:logfile" $userId$ $recordId$ | search EVENT_TYPE="ApexExecution" | table EXEC_TIME </query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="height">119</option> <option name="refresh.display">progressbar</option> </chart> </panel>
Please help
how many events par day?
If there is so many events, create csv and search it.