Hi,
I am new to splunk so bear with me please.
I am trying to display data by each day in a chart and then right at the end, display the difference of last 2 days in one column and then display difference from last Week,
My query currently looks like this
index=x1 sourcetype=x2 | eval minutes=seconds/60 | chart sum(minutes) over customer by date_mday useother=f limit=50 | table customer 16 17 | rename 16 as day16 | rename 17 as day17 | eval diff=day17-day16
This gives me Yesterday and day before, which is perfectly fine.
However, I would like to do all this dynamically. So if the query ran on the 20th, it would show the day for 18th and 19th. I cannot hard code every single day of the month.
The final bit is to show all previous days as well as showing the difference weekly.
Cheers
... View more