How to calculate difference between field values i...

vikas_sood · ‎03-22-2022

Hi,

i have 2 events with 3 fields: timestamp , servername, cpu_usage:

22-Mar-2022 00:00:00, server1 ,18

23-Mar-2022, 00:01:00 server1 , 82

22-Mar-2022 00:00:00, server2 ,78

23-Mar-2022, 00:01:00 server2 , 14

I want to calculate difference between 2nd and 1st event for each server. Can you please suggest, how this can be done?

ITWhisperer · ‎03-22-2022

| stats range(cpu_usage) as difference by servername

vikas_sood · ‎03-22-2022

That works, is it possible to add + and - in difference?

ITWhisperer · ‎03-22-2022

| stats first(cpu_usage) as first_value last(cpu_usage) as last_value by servername
| eval difference=last_value-first_value
| eval difference=if(difference>0,"+".difference,difference)

How to calculate difference between field values in two events?

field extraction

fields

stats

table

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!