Calculate the Difference from the previous week re...

jcarstar · ‎04-09-2020

I have a simple timechart showing a percentage of status that = success from the total count of phase=second found.

index=logs phase=second
| timechart span=7d count AS total count(eval(status="SUCCESS")) AS success
| eval Percentage=round((success/total)*100,2)
| table _time Percentage

This report runs every 7days so it tells me the percentage for that week.

_time   Percentage   
2018-05-17  31.91
2018-05-24  61.38
2018-05-31  11.36

Trying to calculate the Deltas from week-to-week. so an example would be like below

_time   Percentage   
2018-05-17-2018-05-24   0.3191 - 0.6138 = -0.2947 change
2018-05-24-2018-05-31 0.6138 - 0.1136 = 0.5002 change

I cannot seem to figure out how to subtract the values every 7 days from the previous value from 7 days.

Thanks!

manjunathmeti · ‎04-09-2020

Use delta command,

index=logs phase=second
| timechart span=7d count AS total count(eval(status="SUCCESS")) AS success
| eval Percentage=round((success/total), 2)
| table _time Percentage
| delta Percentage as Percentage
| eval Percentage = -Percentage

jcarstar · ‎04-10-2020

this worked, thanks

Calculate the Difference from the previous week results.

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Join the Conversation

Calculate the Difference from the previous week results.

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events