Dashboards & Visualizations

Comparing data on two sets obtained from two different date ranges?

m_vivek
Path Finder

My data looks something like this
C1 C2 C3 C4 date
1 2 3 4 xx-xx-xxxx
3 4 3 1 xx-xx-xxxx
5 6 7 6 xx-xx-xxxx

C1 C2 C3 C4 date
4 5 3 4 yy-yy-yyyy
2 4 6 1 yy-yy-yyyy
7 4 7 0 yy-yy-yyyy

I am to extract this data from two different dates and compare their means etc.
How should I proceed ?
Any suggestions are welcome.

What I want to do :
Extract data from both dates in a single query
compare means on each column in both sets
display output in the form of a range map or a tabset icon inline.

Tags (3)

m_vivek
Path Finder

Getting both sets of results based on the choice of dates in a single query is
how far I have got till now. take a look.

index=abcd host=pqrs*   earliest=07/01/2015:00:0:0 latest=07/02/2015:01:0:0 | fields DUR, TYPE | timechart limit=0 span=10m count, avg(DUR) by TYPE | eval dataset=1 | append[index=abcd host=pqrs*   earliest=07/03/2015:00:0:0 latest=07/04/2015:01:0:0 | fields DUR, TYPE | timechart limit=0 span=10m count, avg(DUR) by TYPE  | eval dataset=2]

abcd pqrs are just for an idea.

My next step is to calculate means of each field/column for the corresponding data set and compare the means and output the results of the comparison in the form of a rangemap or tabset icon(inline).

Any suggestions/recommendations are welcome.
Thanks

0 Karma

jensonthottian
Contributor

If I am correct you have two time ranges to be compared in one report-

-http://blogs.splunk.com/2012/02/19/compare-two-time-ranges-in-one-report/

Use date format instead of relative time.

m_vivek
Path Finder

Thank you for that @jensonthottian.
But,

I have about 180 items/fields that are being measured. I need to do a statistical analysis on each of the 180 fields/entities and then compare them over the time ranges.

How should I proceed in this case?

0 Karma

masonmorales
Influencer

Take a look at the Timewrap app: https://splunkbase.splunk.com/app/1645/

Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...