All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I graph today vs yesterday vs the weekly average?

carasso
Splunk Employee
Splunk Employee
‎02-07-2014 12:05 PM

this was asked by a customer. I'm repeating it so others can see the answer...

Reply
1 Solution
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎02-07-2014 12:07 PM

Step 1) get the Timewrap app, which adds a new "timewrap" search command.

Step 2) Search for the last 7 days and run this:

*  
| timechart count span=1h
| timewrap  d series=short
| addtotals s*
| eval 7dayavg=Total/7.0
| table _time, _span, s0, s1, 7dayavg
| rename s0 as now, s1 as yesterday

Basically, we're using timewrap over the last 7 days, and then using addtotals and eval to calculate the average over those 7 days. We then rename fields and cut out days 3-7, because we only wanted today, yesterday, and the weekly average.

View solution in original post

Reply
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎02-07-2014 12:07 PM

Step 1) get the Timewrap app, which adds a new "timewrap" search command.

Step 2) Search for the last 7 days and run this:

*  
| timechart count span=1h
| timewrap  d series=short
| addtotals s*
| eval 7dayavg=Total/7.0
| table _time, _span, s0, s1, 7dayavg
| rename s0 as now, s1 as yesterday

Basically, we're using timewrap over the last 7 days, and then using addtotals and eval to calculate the average over those 7 days. We then rename fields and cut out days 3-7, because we only wanted today, yesterday, and the weekly average.

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...