How to compare same period with timewrap

Splunk Search

I want to compare statistics of events between 2 weeks, day per day.

I count events for every day in real time but when I compare last day versus first day delta is not coherent
For example, if my request is launched at 10am, it compares
For today, the number of events between 0 to 10am and for the same day last week, the number of events between 10am to midnight.

I want to compare for today, the number of events between 0 to 10am and for the same day last week, the number of events between 0 to 10am

mysearch | timechart count as sendOK | timewrap w | eval delta=round((sendOK_latest_week - sendOK_1week_before)*100/sendOK_latest_week,2) ." %" | table _time delta

How to compare the same period?

Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...