How to create a timechart search for the average o...

chrispappo · ‎02-11-2016

Hi,

I have 4 dates (format mm/dd/yyyy)

start 1: 01/01/2016 end 1: 01/07/2016
Start 2: 02/01/2016 end 2: 02/07/2016

In these two ranges, I'm looking for the logs with the field delta (which is a numeric field). At the end, I would like a result like this:

date           avg(detlta)
01/07/2016     0.4
02/07/2016     0.1

I'm thinking about doing a search like this:

index=rs action  latest="01/07/2016:00:00:00" earliest="01/01/2016:00:00:00"  | append [search index=rs action  latest="02/07/2016:00:00:00" earliest="02/01/2016:00:00:00"] | timechart  avg(delta)

but this request is very long and does not really result in what I'm looking for. Does anyone know a better solution?

thanks

somesoni2 · ‎02-11-2016

Try this

 index=rs action  latest="01/07/2016:00:00:00" earliest="01/01/2016:00:00:00"  | stats avg(delta) | eval _time=strptime("01/01/2016","%m/%d/%Y") | append [search index=rs action  latest="02/07/2016:00:00:00" earliest="02/01/2016:00:00:00" | stats avg(delta) | eval _time=strptime("02/01/2016","%m/%d/%Y") ]

How to create a timechart search for the average of a field between two date ranges?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to create a timechart search for the average of a field between two date ranges?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...