For the simple day over day case, the recipe for this solution is pretty well covered in:
http://answers.splunk.com/questions/2712/line-chart-comparing-yesterdays-result-with-todays-result-i...
To add a series for the weekly average, for each of the previous seven days at each time bucket, the search is significantly more involved. To do this, the first task is to | append [] some results that are the computation of the average. The details of the inner search depend on what type of aggregate function that you're using, in this case, you're looking at count, so it's not too bad:
... | append [search earliest=-7d@d latest=@d ... | eval _time = ((_time - relative_time(now(), "-7d@d")) % 86400) + relative_time(now(), "@d") | bin _time span=15m | chart count by _time | eval metric = count/7 | eval marker = "weekly average"]
Now you just have to glue this right before the final | chart in the day_over_day search in the referenced post, and you should have your answer.
Putting it all together:
<data> earliest=-1d@d latest=@h
| timechart span=15m count as metric
| addinfo
| eval marker = if(_time < info_min_time + 86400, "yesterday", "today")
| eval _time = if(_time < info_min_time + 86400, _time + 86400, _time)
| append [search <data> earliest=-7d@d latest=@d eventtype=download
| eval _time = ((_time - relative_time(now(), "-7d@d")) % 86400) + relative_time(now(), "@d")
| bin _time span=15m
| chart count by _time
| eval metric = count/7
| eval marker = "weekly average"]
| chart median(metric) by _time marker
