https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316786#M94782 <P>yes, it work and better than my search.</P> <P>but how can i group by date to show how many stock up and down<BR /> after your search, if i want to use transaction date , it will so no result found.</P> Wed, 18 Oct 2017 10:12:16 GMT kennethyeung 2017-10-18T10:12:16Z https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316784#M94780 <P>I have index data like below, and I want to calculate how many have a stock price higher than yesterday.<BR /> date, stock, price<BR /> 20171016, abc, 100<BR /> 20171016, def, 80<BR /> 20171015, abc,120<BR /> 20171015, def, 60<BR /> 20171014, abc, 100<BR /> 20171014, def, 70</P> <P>My search can do that, but is any other better search to do it as well<BR /> index=test <BR /> | eval nexttime=strftime(relative_time(now(),"-2d") ,"%Y%m%d")</P> <P>| table * <BR /> | where 'date' &gt;= nexttime <BR /> | eventstats avg(close) as aa by code <BR /> | eval updown = if((close &gt; aa), 1,0) <BR /> | table * | where 'date' &gt; nexttime <BR /> | addcoltotals <BR /> | tail 1| table updown</P> <P>Also, if i want to do similar function for last 7 day, how can i do it?</P> Wed, 18 Oct 2017 08:19:00 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316784#M94780 kennethyeung 2017-10-18T08:19:00Z https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316785#M94781 <P>Try this!</P> <P>(your search)<BR /> |table date,stock,price<BR /> |sort stock,date<BR /> |streamstats count by stock<BR /> |delta price as diff_price<BR /> |eval diff_price=if(count=1,0,diff_price)</P> Tue, 29 Sep 2020 16:16:37 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316785#M94781 HiroshiSatoh 2020-09-29T16:16:37Z https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316786#M94782 <P>yes, it work and better than my search.</P> <P>but how can i group by date to show how many stock up and down<BR /> after your search, if i want to use transaction date , it will so no result found.</P> Wed, 18 Oct 2017 10:12:16 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316786#M94782 kennethyeung 2017-10-18T10:12:16Z https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316787#M94783 <P>Please tell me the output image.</P> Wed, 18 Oct 2017 12:53:25 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316787#M94783 HiroshiSatoh 2017-10-18T12:53:25Z https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316788#M94784 <P>i want some thing like below</P> <P>date, number of stock raise<BR /> 20171016 , 1<BR /> 20171015,1</P> Wed, 18 Oct 2017 15:01:55 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316788#M94784 kennethyeung 2017-10-18T15:01:55Z https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316789#M94785 <P>Should diff_price count the plus?</P> <P>|stats count(eval(diff_price&gt;0)) as updown by date</P> Wed, 18 Oct 2017 15:25:13 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316789#M94785 HiroshiSatoh 2017-10-18T15:25:13Z https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316790#M94786 <P>thanks it work as what i want, let me spend some time to play with those syntax, i am newbies in splunk</P> Thu, 19 Oct 2017 02:30:32 GMT https://community.splunk.com/t5/Splunk-Search/How-can-I-compare-data-between-two-dates/m-p/316790#M94786 kennethyeung 2017-10-19T02:30:32Z