Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to show Trending compared to last month value

avni26
Explorer
‎09-23-2019 06:36 AM

Hello ,
I want to show trending compared to last score calculated.
I have multiple single panels calculating one field "score"for last month(August) based on some condition like last_month_count(August count) > last2_month (july count)
and taking summation of all panel's result value in another dashboard Panel as total_score
Now, I want to show trending compared to last total_ score to this month total_score.
Please suggest ,how to approach for the same.
Thanks.

0 Karma
Reply

DavidHourani
Super Champion
‎09-23-2019 07:44 AM

Hi @avni26,

As Rich suggested you can do this using timewrap whoever if that doesn't work for you then you can use append instead to build your search as shown in the first answer here :
https://answers.splunk.com/answers/371015/display-comparison-between-last-week-vs-this-week.html

Let me know what your search looks like if the above link didn't work for you so we can try and fix it.

Cheers,
David

0 Karma
Reply

avni26
Explorer
‎09-23-2019 11:29 AM

@DavidHourani , yes append only do. But my query is already too long and also have several panel's each having their independent index . By append ,I have to write all query again for last month. 😞
I guess, i have to use report for the same.

0 Karma
Reply

DavidHourani
Super Champion
‎09-23-2019 08:49 PM

How about using an eval to create a field containing "Current Month" and "last Month" based on the time and then run a timechart by that field ?

0 Karma
Reply

avni26
Explorer
‎09-24-2019 12:12 AM

@DavidHourani yes, this can be perfect. Please share any sample query for more understanding. If possible.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-23-2019 06:55 AM

Have you looked at the timewrap command?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

avni26
Explorer
‎09-23-2019 07:28 AM

yes, timewrap will not work in my query , as for each panel , i am just searching for last month.
Any other way?

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...