Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Create a Timechart to compare values from computation using multisearch and after stats

andres91302
Communicator
‎04-20-2021 10:10 AM

Hello guys  I am trying to create a timechart in my dashboard where I can show the percentage of people that enter my website and made a purchase  this calculation is equal to = amount_purchase/total_amount and my code looks like this:

 

| multisearch
[| search index="A"
| search IN_PEOPLE="gate_10"]
[|search index="CATALOGUE"
| search ACC="pur_ok"]
| streamstats c(IN_PEOPLE) as IN, c(ACC) as OUT
| eval rate=OUT/IN

 

now that rate was been calculated I want a timechart that can show me the value of rate for the last 10 days I was trying with the following code

 

| multisearch
[| search index="A"
| search IN_PEOPLE="gate_10"]
[|search index="CATALOGUE"
| search ACC="pur_ok"]
| streamstats c(IN_PEOPLE) as IN, c(ACC) as OUT
| eval rate=OUT/IN
| timechart span=1d max(rate) as rate

 


BUT is not showing what I am looking for due to that it will give the max value of rate recorded but what I want is the overall rate of yesterday and the day before and so on.. to give you guys an example the rate for yesterday (abril 19 from 00:00 to 24:00) was 0.78 but my code is giving me 1 because I guess at some point it was a 1 the max value of rate

thank you so much to anyone that can help me out, I trullly from the bottom of my heart appreaciate your help


 

  


Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!