Can I use data from two different metrics in the s...

suryagogi · ‎10-19-2017

I have two different metrics: one metric tells if a device is online. Another metric tells if a device has a process crash. How do I get average crashes per device installed? For example, I can get number of unique devices online in the last seven days. I can also get number of process crashes in the last seven days. How do I calculate average number of process crashes per device installed?

cmerriman · ‎10-19-2017

it would be helpful if you could give a little more detail. for example sourcetypes/indexes/etc. and field names so that we can see what each event has and help write a query surrounding that. also, sample data is really helpful.

that said, something like this might help get you started:

index=online_devices OR index=process_crashes earliest=-7d|stats count(eval(index="online_devices")) as online_devices count(eval(index="process_crashes")) as process_crashes|eval crashes_per_device=round(process_crashes/online_devices,2)

Can I use data from two different metrics in the same dashboard?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Can I use data from two different metrics in the same dashboard?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem