Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to subtract field values every 5 minutes and display these results on a graph?

dperry
Communicator
‎06-22-2015 02:47 PM

This log is updated every 5 minutes (I have included three examples of the logs). The value is cumulative. So, while graphing it in Splunk, I have to deduct the previous value to get the value for that 5 minute interval. So for example, lets take one field, pdweb.sescache hit has the following three values of 26965624, 27089514, and 27622280.

Taking 27622280-27089514 = 532766 (this is the actual value I want for that 5 minute interval.)

2015-06-22-11:30:00.000-08:00I----- pdweb.sescache hit : 26965624

2015-06-22-11:30:00.000-08:00I----- pdweb.sescache hit : 27089514

2015-06-22-11:30:00.000-08:00I----- pdweb.sescache hit : 27622280
Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jnicholsenernoc
Path Finder
‎06-23-2015 11:42 AM

Use the delta command:

index=main pdweb | delta pdweb.sescache as hits | timechart last(hits)

http://docs.splunk.com/Documentation/Splunk/6.2.3/SearchReference/Delta

View solution in original post

Reply
Solved! Jump to solution
Solution

jnicholsenernoc
Path Finder
‎06-23-2015 11:42 AM

Use the delta command:

index=main pdweb | delta pdweb.sescache as hits | timechart last(hits)

http://docs.splunk.com/Documentation/Splunk/6.2.3/SearchReference/Delta

Reply
Solved! Jump to solution

pradeepkumarg
Influencer
‎06-22-2015 04:09 PM

Something like below should work for you

 
... | delta pdweb.sescache AS cache p=1 | timechart avg(cache)
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...