- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to compare two time same time frames with ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to compare two time same time frames with different day's.
How to compare the average value of the field in two different time frames i.e same time today with same time yesterday.
Compare the today time frame with yesterday's time frame.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If i use timewrap it gives the total day average like yesterday total average comparing with today time frame(example like last 60mins). I'm looking for the search to compare the average value in the same time frame like 1 pm to 1.30 pm today with 1 pm to 1.30 pm yesterday.
my search is :
index=XXXX sourcetype=XXXXX esb_service="XXXXXX" esb_environment=prod esb_event=esbRespBE
| eval esb_backend_time=round(esb_backend_time/1000,2)
| bin _time span=15m
| stats max(esb_backend_time) as response_time by esb_service,_time
| eval response_time = round(response_time,2)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index=XXXX sourcetype=XXXXX esb_service="XXXXXX" esb_environment=prod esb_event=esbRespBE
| eval esb_backend_time=round(esb_backend_time/1000,2)
| bin _time span=15m
| stats max(esb_backend_time) as response_time by esb_service,_time
| eval response_time = round(response_time,2)
| eval date=if(strftime(now(),"%F")=strftime(_time,"%F"),"today","yesterday")
| eval _time=strftime(_time,"%T")
| xyseries _time date response_time
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@to4kawa @Hi Thanks for the query.
It's comparing total day, i'm looking for specific time frame today with yesterday. The query which you provided gives the today all day time frame comparison with yesterday all day comparison, if i'm looking 1 hr window for today need to compare with same 1 hr time frame yesterday only. Only those results needs to be displayed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I didn't see any such requirement from the first question and your query.
and your query is span=15min
for 1 hour comparison, How are you going to aggregate 4 values?
Please summarize what you want to do before you ask the question again and again.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to compare the average response time value in 1 hr for span=15 mins to same 1 hr time in yesterday (like 4 aggregate values).
example i want to compare the average response time for the period 06/15/2020 3 PM to 4 PM with 06/16/2020 3 PM to 4 PM . Only 4 aggregate comparison values should be appear as my results.
average value comparison
Looking for results like below
timeframe today-value yesterday-value
15.15.00 00000 00000
15.30.00 44444 44444
15.45.00 11111 11111
16.00.00 22222 22222
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
please modify my query.
the result contains what you want.
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
