I have the following data:

Date      Server   Value
1st Jan   abc      10
1st Jan   xyz      12
2nd Jan   abc      15
2nd Jan   xyz      20

I want to be able to find the change in value, per server over time.
I would like the results to be similar to:

Server   ChangeSinceYesterday
abc      5
xyz      8

Can anyone help me to do this in Splunk?
I think this may work, but might be missing something in the syntax...
Full search below:

index=ad source=otl_aduserscan
| search samAccountName=smcdonald
| table displayName, samAccountName, mailboxGB
| sort by displayName
| reverse
| streamstats window=1 current=f earliest(mailboxGB) as p_val by samAccountName
| eval chg=(p_val - mailboxGB)
| table samAccountName, mailboxGB, chg
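
An added example, not part of the original posts: the per-server change from the question's sample table, computed with streamstats over events sorted by server and time. The year in the dates is constructed (the question gives only day and month), and `makeresults format=csv` assumes Splunk 9.0 or later.

```spl
| makeresults format=csv data="Date,Server,Value
2024-01-01,abc,10
2024-01-01,xyz,12
2024-01-02,abc,15
2024-01-02,xyz,20"
| eval _time=strptime(Date, "%Y-%m-%d"), Value=tonumber(Value)
| sort 0 Server _time
| streamstats current=f last(Value) as PrevValue by Server
| eval ChangeSinceYesterday = Value - PrevValue
| where isnotnull(ChangeSinceYesterday)
| table Server ChangeSinceYesterday
```

With `current=f` and no `window=`, `last(Value)` returns the most recent earlier event in the same `by` group, so the first day of each server has no previous value and is dropped by the `where`. On real data, replace the `makeresults` and `strptime` lines with the base search.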