I have data over time on the aging of SSDs that gives me a date, identifying information and a 'health' number. I want to get rates of change of that health number. My search thus far is:
source=new.csv (NOT Health:0 NOT Health:MISSING date=20150407 OR date=20150529 OR date=20150727) | eval combo = IP + Disk | transaction combo
I need to differentiate the health based on date so that I can calculate rates of change based on time interval, in other words I'd like to do:
(MayHealth - AprilHealth)/52 and so on to get the rate of change per day for each date pair.
My problem is I'm floundering figuring out how to differentiate each health. I do programming in several languages but am new to Splunk, so my initial reaction was to do (pseudocode):
if date = 20150407 then health = AprilHealth
elif date = 20150529 then health = MayHealth
else health = JulyHealth
Any suggestions? I think I'm looking for an eval function, or possibly a rename, or maybe a rename within an if (is that even possible?) but am stuck.
regards, Richard
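An added example, not part of the original post: one way to compute the per-day rate of change between consecutive readings of each disk in SPL, without naming a separate field per month. It assumes date, IP, Disk and Health are extracted fields, as the search above suggests; combo, t, prev_health, prev_t, days and rate_per_day are names chosen here for illustration.

```spl
source=new.csv NOT Health=0 NOT Health=MISSING (date=20150407 OR date=20150529 OR date=20150727)
| eval combo = IP . ":" . Disk
| eval t = strptime(tostring(date), "%Y%m%d")
| sort 0 combo t
| streamstats current=f window=1 last(Health) as prev_health last(t) as prev_t by combo
| eval days = round((t - prev_t) / 86400)
| eval rate_per_day = (Health - prev_health) / days
| where isnotnull(rate_per_day)
| table combo date Health prev_health days rate_per_day
```

After the sort, streamstats carries the previous reading of the same disk onto each row, so the April to May pair divides by 52 days and the May to July pair by 59. The first reading of each disk has no predecessor and is dropped by the where clause.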