Dashboards & Visualizations

Comparing data on two sets obtained from two different date ranges?

Path Finder

My data looks something like this
C1 C2 C3 C4 date
1 2 3 4 xx-xx-xxxx
3 4 3 1 xx-xx-xxxx
5 6 7 6 xx-xx-xxxx

C1 C2 C3 C4 date
4 5 3 4 yy-yy-yyyy
2 4 6 1 yy-yy-yyyy
7 4 7 0 yy-yy-yyyy

I am to extract this data from two different dates and compare their means etc.
How should I proceed ?
Any suggestions are welcome.

What I want to do :
Extract data from both dates in a single query
compare means on each column in both sets
display output in the form of a range map or a tabset icon inline.

Tags (3)

Path Finder

Getting both sets of results based on the choice of dates in a single query is
how far I have got till now. take a look.

index=abcd host=pqrs*   earliest=07/01/2015:00:0:0 latest=07/02/2015:01:0:0 | fields DUR, TYPE | timechart limit=0 span=10m count, avg(DUR) by TYPE | eval dataset=1 | append[index=abcd host=pqrs*   earliest=07/03/2015:00:0:0 latest=07/04/2015:01:0:0 | fields DUR, TYPE | timechart limit=0 span=10m count, avg(DUR) by TYPE  | eval dataset=2]

abcd pqrs are just for an idea.

My next step is to calculate means of each field/column for the corresponding data set and compare the means and output the results of the comparison in the form of a rangemap or tabset icon(inline).

Any suggestions/recommendations are welcome.

0 Karma


If I am correct you have two time ranges to be compared in one report-


Use date format instead of relative time.

Path Finder

Thank you for that @jensonthottian.

I have about 180 items/fields that are being measured. I need to do a statistical analysis on each of the 180 fields/entities and then compare them over the time ranges.

How should I proceed in this case?

0 Karma


Take a look at the Timewrap app: https://splunkbase.splunk.com/app/1645/