How to get result for field value difference?

EvansB · ‎05-23-2022

Working with this query, I'm hoping to get only results where field values are greater than the other.

index="index*"
| eval MonthNumber=strftime(_time,"%m") 
| chart eval(round(avg(durationMs), 0)) AS avg_durationMs by properties.url, MonthNumber 
| rename 04 AS "Apr", 05 AS "May"

I want to get only results of where Apr values is greater than May by 10

richgalloway · ‎05-23-2022

If you only want to see results where the "May" number is greater than the "Apr" number then add a where command to the query.

| where May > Apr

---
If this reply helps you, Karma would be appreciated.

EvansB · ‎05-23-2022

This gives me general results. I need results that are only greater than 10 and beyond. This is for the purpose of setting up an alert when values between May and Apr is greater than 10

Thanks

richgalloway · ‎05-23-2022

Change the where command to test for the desired difference.

| where May > Apr+10

---
If this reply helps you, Karma would be appreciated.

EvansB · ‎05-23-2022

Appreciate your assistance

How to get result for field value difference?

count

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update