Archive
Highlighted

How to calculate N series of values?

New Member

My table look like this

Date/Time Name Value

26/6/2014 1:00 Foo 10
26/6/2014 2:00 foo 100 ..................Highest value of the day
26/6/2014 3:00 foo 0
..
...
..
26/6/2014 24:00 foo 0
27/6/2014 00:00 foo 0
.....
...............
..................
27/6/2014 8:00 foo 50
27/6/2014 9:00 foo 150 ................................. highest value of the day
......................
...................
27/6/2014 24:00 foo 0
28/6/2014 00:00 foo 0
........................
...........................

28/6/2014 12:00 foo 100
28/6/2014 13:00 foo 160 ..............................Highest value of the day
............................
.....................

I want the output and it would be looks

Date/Time Name Value

26/6/2014 1:00 Foo 10
26/6/2014 2:00 foo 100 ..................Highest value of the day
26/6/2014 3:00 foo 0+100
.26/6/2014 4:00 foo 0+100.
...
26/6/2014 22:00 foo 0+100
26/6/2014 23:00 foo 0+100.
26/6/2014 24:00 foo 0+100
27/6/2014 00:00 foo 0+100 ( This Value 100 is highest value of 26th date need to add on next date value)
27/6/2014 01:00 foo 0+100
.....
...............
..................
27/6/2014 06:00 foo 0+100
27/6/2014 07:00 foo 0+100
27/6/2014 08:00 foo 50+100
27/6/2014 09:00 foo 150 +100................................. highest value of the day
......................
...................
27/6/2014 24:00 foo 0+150+100
28/6/2014 00:00 foo 0+150+100 ( This Value 150+100= 250 is highest value on 27th date need to add on next date values)
28/6/2014 01:00 foo 0+150+100
........................
...........................
28/6/2014 10:00 foo 0+150+100
28/6/2014 11:00 foo 0+150+100
28/6/2014 12:00 foo 100+150+100
28/6/2014 13:00 foo 160 +150+100..............................Highest value of the day
28/6/2014 14:00 foo 0+160 +150+100.
28/6/2014 15:00 foo 0+160 +150+100.
28/6/2014 16:00 foo 0+160 +150+100.
..................................
....................................
..........................................
28/6/2014 24:00 foo 0+160 +150+100.( This Value 160+150+100= 410 is highest value on 28th date need to add on next date values)...
so...on

How to do search query for the above table.

Tags (2)
0 Karma
Highlighted

Re: How to calculate N series of values?

SplunkTrust
SplunkTrust

See if this is what you want. Use _internal data for scheduler sourcetype. This should work on any Splunk instance.

index=_internal sourcetype=scheduler earliest=-3d | bucket span=1h _time | stats count by _time sourcetype | eval Day=strftime(_time,"%Y-%m-%d")  | eventstats max(count) as max by Day sourcetype | eval max=if(max=count,max,0) | eval DayMax=max | accum max | eval newcount=max+count | fields - Day max
0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.