Solved: Re: How can I graph today vs yesterday vs the week...

carasso · ‎02-07-2014

this was asked by a customer. I'm repeating it so others can see the answer...

carasso · ‎02-07-2014

Step 1) get the Timewrap app, which adds a new "timewrap" search command.

Step 2) Search for the last 7 days and run this:

*  
| timechart count span=1h
| timewrap  d series=short
| addtotals s*
| eval 7dayavg=Total/7.0
| table _time, _span, s0, s1, 7dayavg
| rename s0 as now, s1 as yesterday

Basically, we're using timewrap over the last 7 days, and then using addtotals and eval to calculate the average over those 7 days. We then rename fields and cut out days 3-7, because we only wanted today, yesterday, and the weekly average.

View solution in original post

carasso · ‎02-07-2014

Step 1) get the Timewrap app, which adds a new "timewrap" search command.

Step 2) Search for the last 7 days and run this:

*  
| timechart count span=1h
| timewrap  d series=short
| addtotals s*
| eval 7dayavg=Total/7.0
| table _time, _span, s0, s1, 7dayavg
| rename s0 as now, s1 as yesterday

Basically, we're using timewrap over the last 7 days, and then using addtotals and eval to calculate the average over those 7 days. We then rename fields and cut out days 3-7, because we only wanted today, yesterday, and the weekly average.

How can I graph today vs yesterday vs the weekly average?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!