Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How can I compare data between two dates?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have index data like below, and I want to calculate how many have a stock price higher than yesterday.
date, stock, price
20171016, abc, 100
20171016, def, 80
20171015, abc,120
20171015, def, 60
20171014, abc, 100
20171014, def, 70
My search can do that, but is any other better search to do it as well
index=test
| eval nexttime=strftime(relative_time(now(),"-2d") ,"%Y%m%d")
| table *
| where 'date' >= nexttime
| eventstats avg(close) as aa by code
| eval updown = if((close > aa), 1,0)
| table * | where 'date' > nexttime
| addcoltotals
| tail 1| table updown
Also, if i want to do similar function for last 7 day, how can i do it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this!
(your search)
|table date,stock,price
|sort stock,date
|streamstats count by stock
|delta price as diff_price
|eval diff_price=if(count=1,0,diff_price)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this!
(your search)
|table date,stock,price
|sort stock,date
|streamstats count by stock
|delta price as diff_price
|eval diff_price=if(count=1,0,diff_price)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes, it work and better than my search.
but how can i group by date to show how many stock up and down
after your search, if i want to use transaction date , it will so no result found.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please tell me the output image.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i want some thing like below
date, number of stock raise
20171016 , 1
20171015,1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Should diff_price count the plus?
|stats count(eval(diff_price>0)) as updown by date
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks it work as what i want, let me spend some time to play with those syntax, i am newbies in splunk
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
