How to calculate percent change over selectable ti...

tkwaller_2 · ‎07-18-2024

Hello

I'd like to create a single value viz that displays the percent change from a pint in time to now. Basically, I have a dashboard that has a panel that simply counts the number of records in the given timerange. The time is a simple time picker and the base search is a simple:

index=myindex | stats count

I would like to add a panel, maybe single viz, that shows a percent change. For example, if the default is "Last 24 hours" I would like to show the count of the last 24 hours and the percent change from the previous 24 hours. Additionally, if the user selected "Last 7 days" i would like it to give the count of the last 7 days and the percent change from 7 days before that.

Thanks for the help

yuanliu · ‎07-18-2024

Make your selector token "24hour", "7day", etc. Let's call it $span_tok$. This should do.

index=myindex earliest=-$span_tok$-$span_tok$
| timechart span=$span_tok$ count
| streamstats delta(count) as pct_change
| eval pct_change = pct_change / (count - pct_change) * 100

The idea is simple, look back 2x $span_tok$, then calculate delta on the go.

How to calculate percent change over selectable timerange

count

stats

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation