Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I build a chart that show the difference between two fields?

jfallon1
New Member
‎04-19-2018 07:13 AM

index=app sourcetype=application1 source=server1production with this search I get back two field Baseprice and finalprice. How can I build a chart that show the difference between finalprice and baseprice?

Tags (3)
0 Karma
Reply

Sukisen1981
Champion
‎04-19-2018 10:03 AM

not cleat what you want, I am guessing you want some sort of final price (y axis) over baseprice(xaxis) and also the difference.
If so, try this |chart values( finalprice) by baseprice| eval diff=finalprice-baseprice
Use format option in visualization > select diff as chart overlay
But as @adonio says, are your fields numerical?

0 Karma
Reply

adonio
Ultra Champion
‎04-19-2018 08:06 AM

are those numeric fields? meaning are the values for these fields are numbers?
if so, try this ... your search ... | eval diff = finalprice - baseprice | chart ...

0 Karma
Reply
Get Updates on the Splunk Community!

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...