Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Single trend values from day to day

neilhiley
Explorer
‎07-15-2015 06:47 AM

Hi. I want to display two figures of the total avg per day and display from previous day. With showing a percentage in green or red weather its better or worse than the day before...

My current search is like

......... | bucket _time span=1d | stats avg(msecs) AS Total_avg

This displays total average how do I display figures for each month.

Tags (3)
0 Karma
Reply

HeinzWaescher
Motivator
‎07-15-2015 07:47 AM

You can use a timechart to calculate the averages and the streamstats command to calculate a daily ratio:

 ...| timechart span=1d avg(msecs) AS avg
 | streamstats current=f global=f window=1 latest(avg) as previous_day_avg
 | eval ratio=round(avg/previous_day_avg,2)

To do it per month use:
| timechart span=1mon avg(msecs) AS avg

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...