Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

In splunk to find percentage difference for each column

pswalia06
Explorer
‎08-09-2018 09:12 PM

I need to find the difference between each date for each App_name in splunk

Right now my query just show the today number of record recieve each day per topic name/ Appname. I want to find out the percentage difference of record for each day from its previous day.

index="platform" sourcetype="logs" | rex "sent:\s(?\d+)\sfrom the file\s:\s(?[\w.\/_-]+)\s" | rex field=source ".(?[\w\/_-]+)." | timechart span=24h sum(record) as records by topic_name

Can someone help

Tags (1)
Reply

renjith_nair
Legend
‎08-10-2018 07:11 AM

@pswalia06,

Try this

index="platform" sourcetype="logs" | rex "sent:\s(?\d+)\sfrom the file\s:\s(?[\w.\/_-]+)\s" | rex field=source ".(?[\w\/_-]+)." 
|timechart span=24h sum(record) as records by topic_name
|untable _time,topic_name,records|sort topic_name,_time
|streamstats last(records) as prev_records  current=f window=1 reset_on_change=true by topic_name|fillnull value=0
|eval perc=((records-prev_records  )/records)*100|fields - records,prev_records  |xyseries _time,sourcetype,perc
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...