Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to use timechart to show increase in recent 7 days

bestSplunker
Contributor
‎05-28-2020 07:31 PM

hey, I cant use |timechart count span=1d to calculate recent 8 days count, search result as follow:

_time           count
2020/05/21       100
2020/05/22       120
2020/05/23       180
2020/05/24       200
2020/05/25       270
2020/05/26       380
2020/05/27       490
2020/05/28       680

now,I want to calculate the increase quantity of each day compared with the previous day. The results should be as follows

    _time           increase 

    2020/05/22       20
    2020/05/23       60
    2020/05/24       20
    2020/05/25       70
    2020/05/26       110
    2020/05/27       110
    2020/05/28       190

then use timechart show the increase quantity |timechart count span=1d

is there have a simple search statement to do it?

Tags (1)
0 Karma
Reply

to4kawa
Ultra Champion
‎05-28-2020 08:32 PM 
|timechart count span=1d
| delta count as increase
| table _time increase

use delta

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...