Using timewrap, trying to dynamically determine av...

ericrobinson · ‎05-06-2016

Great app.. I just cant figure out how to assign a value that matches the event_count or anything else (closed_txn count)

In the example below, he shows how to calculate rolling 7 day average, but its a static number.

My dashboard uses "Business week to date". So I want my denominator for the average to be the number of day I am in the week (or event_count as mentioned above). I have just so far been unsuccessful in getting it to work.

Monday=total/1; Tuesday=total/2; Wednesday=total/3 etc..

| timechart count span=1h | timewrap d series=short | addtotals s* | eval 7dayavg=Total/7.0 <-Basically, how do I make this dynamic based on the number of runs, or day of the week?-> | table _time, _span, s0, s1, 7dayavg | rename s0 as now, s1 as yesterday

somesoni2 · ‎05-06-2016

Try like this

your base search | timechart count span=1h
| timewrap d series=short
| addtotals s* | eval noofdays=0 | foreach s* [eval noofdays=noofdays+1 ]
| eval Dailyavg=Total/noofdays
| table _time, _span, s0, s1, Dailyavg
| rename s0 as now, s1 as yesterday

sloshburch · ‎06-13-2016

@ericrobinson: Did that answer your question?

Using timewrap, trying to dynamically determine average based on event_count.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation