Solved: How to calculate values in two fields ?

mah · ‎10-14-2020

hi,

My issue is I have a table like that :

I want to create an third column that create the result of :

first line = field1 - field2=field3

second line = first line field3 + second line field1 - second line field2=new field3

third line = second line field3 + third line field1 - third line field2=new field3

etc...

Can you help me ?

Thanks!

ITWhisperer · ‎10-15-2020

I thought the autoregress would be dynamic - it isn't. Try

| eval change=IN-OUT
| streamstats sum(change) as f3

ITWhisperer · ‎10-14-2020

| autoregress field_3
| fillnull value=0 field_3_p1
| eval field_3=field_3_p1+field_1-field_2

The fillnull may be redundant

mah · ‎10-15-2020

hi,

the result is wrong :

You can see that the field_3 is not correct because it must be LAST field_3+field IN - field OUT

the field_3 here just calculate field IN - field OUT.

example of line 5 : -2 (last field_3)+4-0=2 and not 4

Can we do that ?

ITWhisperer · ‎10-15-2020

Please share the query you used to get this result

mah · ‎10-15-2020

I just add your commands after my chart command :

| chart count(user) over _time by type
| autoregress field_3
| fillnull value=0 field_3_p1
| eval field_3=field_3_p1+IN-OUT

result :

ITWhisperer · ‎10-15-2020

I thought the autoregress would be dynamic - it isn't. Try

| eval change=IN-OUT
| streamstats sum(change) as f3

mah · ‎10-15-2020

It is perfect !

Thank you !

How to calculate values in two fields ?