Using timewrap, trying to dynamically determine av...

ericrobinson · ‎05-06-2016

Great app.. I just cant figure out how to assign a value that matches the event_count or anything else (closed_txn count)

In the example below, he shows how to calculate rolling 7 day average, but its a static number.

My dashboard uses "Business week to date". So I want my denominator for the average to be the number of day I am in the week (or event_count as mentioned above). I have just so far been unsuccessful in getting it to work.

Monday=total/1; Tuesday=total/2; Wednesday=total/3 etc..

| timechart count span=1h | timewrap d series=short | addtotals s* | eval 7dayavg=Total/7.0 <-Basically, how do I make this dynamic based on the number of runs, or day of the week?-> | table _time, _span, s0, s1, 7dayavg | rename s0 as now, s1 as yesterday

somesoni2 · ‎05-06-2016

Try like this

your base search | timechart count span=1h
| timewrap d series=short
| addtotals s* | eval noofdays=0 | foreach s* [eval noofdays=noofdays+1 ]
| eval Dailyavg=Total/noofdays
| table _time, _span, s0, s1, Dailyavg
| rename s0 as now, s1 as yesterday

sloshburch · ‎06-13-2016

@ericrobinson: Did that answer your question?

Using timewrap, trying to dynamically determine average based on event_count.

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!