I'm using the following search which I have working in a dashboard.
"A PUT was made to OpenAAA API - Status: OK"
| spath AppID | search AppID=200296 Environment=prod | timechart count by Environment
It displays the # of events for each day without issue.
But how can I get the average # of events for the same 7-day time frame?
Any help would be greatly appreciated!
Hi @kvanwagoner,
You can provide a span value in the timechart command to have it display the count over a 7-day period.
For example:
"A PUT was made to OpenAAA API - Status: OK" | spath AppID | search AppID=200296 Environment=prod | timechart span=7d count by Environment
Splunk Doc: Timechart Bin Options
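An added example, not part of the original answer: one way to get the average number of events per day, assuming the dashboard time range is set to the last 7 days and reusing the search from this thread. `timechart span=1d` emits a 0 for days with no events, so quiet days still count toward the average; `untable` then turns the per-Environment columns back into rows for `stats`.

```spl
"A PUT was made to OpenAAA API - Status: OK"
| spath AppID
| search AppID=200296 Environment=prod
| timechart span=1d count by Environment
| untable _time Environment count
| stats avg(count) AS avg_daily_events by Environment
```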