I have a problem with a requirement to remove data collected on weekend days from my indexes. I can do this accurately, but when I run a calculation over the resultant set, it seems to continue to include data from these days as 'zeros'. Here is the search string:

index=edistats  RealName="ShipmentOpen"  | `isWeekDay(_time)` | where weekDay < 6 AND weekDay > 0  | timechart span=1d avg(Elapsed) as average | `lineartrend(_time,average)` | timechart max(average)  as mean sum(newY) as regression

The included macros are:

isWeekDay:

eval weekDay = strftime($time$,"%w")

and lineartrend:

eventstats count as numevents sum($x$) as sumX sum($y$) as sumY sum(eval($x$*$y$)) as sumXY sum(eval($x$*$x$)) as sumX2 sum(eval($y$*$y$)) as sumY2 | eval slope=((numevents*sumXY)-(sumX*sumY))/((numevents*sumX2)-(sumX*sumX)) | eval yintercept= ((sumY*sumX2)-(sumX*sumXY))/((numevents*sumX2)-(sumX*sumX))| eval newY=(yintercept + (slope*$x$)) | eval R=((numevents*sumXY) - (sumX*sumY))/sqrt(((numevents*sumX2)-(sumX*sumX))* ((numevents*sumY2)-(sumY*sumY))) | eval R2=R*R

The first macro does the job and comes up with the days I want to drop, however, if I do this, the fitted linear regression is lower than what it should be. This is clear from the visual display as the raw trend is mostly flat.

Do I need to do something in the lineartrend macro to ensure it avoids these dropped days?

Thanks,

Stan