Hello,
Very new to the SPL world so forgive me if this is basic.
I am looking to create a visualization that charts out:
1) Errors reported for that day of the week in the last 7 days
2) Provides a baseline of average errors per day of the week in the last 60 days.
So far I have, as an example:
index=main sourcetype="access_combined_wcookie" status>=500
| chart count as "Server Errors" by date_wday
| eventstats avg("Server Errors")
This gives me the running average for errors by not
Day of the Week | Number of Errors | 60 DAY Average errors for that day of the week
Monday | 14 | 12.38
Tuesday | 10 | 13.69
etc...and be able to chart this.
Any help and explanation of the how would be much appreciated.
Thank you in advance.
Thank you very much. Now I need to figure out the proper eval command to populate count with real data.
| gentimes start=-60
| eval count=random() % 100
| rename starttime as _time
| fields - endhuman endtime starthuman
| eval date_wday=strftime(_time,"%A")
| eventstats avg(count) as average by date_wday
| fields - date_wday
| where relative_time(now(),"-7d@d")<=_time
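
The same baseline logic applied to the real events from the question instead of generated data, as an added example that is not part of the original thread. It assumes the index, sourcetype and status filter from the question, and the `earliest`/`latest` values and output column names are choices made here: `timechart` fills days with no matching events with 0 so they still count toward the average, and `latest=@d` leaves out the partial current day.

```spl
index=main sourcetype="access_combined_wcookie" status>=500 earliest=-60d@d latest=@d
| timechart span=1d count
| eval date_wday=strftime(_time,"%A")
| eventstats avg(count) as average by date_wday
| where _time>=relative_time(now(),"-7d@d")
| eval average=round(average,2)
| table date_wday count average
| rename date_wday as "Day of the Week", count as "Number of Errors", average as "60 Day Average"
```

Charting the result as a column chart with "60 Day Average" as an overlay makes days that exceed their weekday baseline stand out.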