How to alert based off the last reported number in a time chart. I want to alert based on a comparison of the last two numbers where if it that value grew more than x%, I want it to alert.
add this:
| tail 2 | reverse | autoregress count | eval pct_increase=100 * (count - count_p1)/count | where pct_increase > X
add this:
| tail 2 | reverse | autoregress count | eval pct_increase=100 * (count - count_p1)/count | where pct_increase > X
so this is great however the pct_increase (i renamed it to pct_diff) is not putting a decimal so for instance
count count_p1 pct_diff
18.32 10.25 807
pct_diff should be 8.07
i fixed it by adding a decimal
| eval pct_increase=1.00 * (count - count_p1)/count | where pct_increase > X
thanks again i will be suing this a lot!
Could you provide more information on your current outputs and expected output? (The title says stats and the question says timechart ) Also share you current queries.