Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to show Trending compared to last month value

avni26
Explorer
‎09-23-2019 06:36 AM

Hello ,
I want to show trending compared to last score calculated.
I have multiple single panels calculating one field "score"for last month(August) based on some condition like last_month_count(August count) > last2_month (july count)
and taking summation of all panel's result value in another dashboard Panel as total_score
Now, I want to show trending compared to last total_ score to this month total_score.
Please suggest ,how to approach for the same.
Thanks.

0 Karma
Reply

DavidHourani
Super Champion
‎09-23-2019 07:44 AM

Hi @avni26,

As Rich suggested you can do this using timewrap whoever if that doesn't work for you then you can use append instead to build your search as shown in the first answer here :
https://answers.splunk.com/answers/371015/display-comparison-between-last-week-vs-this-week.html

Let me know what your search looks like if the above link didn't work for you so we can try and fix it.

Cheers,
David

0 Karma
Reply

avni26
Explorer
‎09-23-2019 11:29 AM

@DavidHourani , yes append only do. But my query is already too long and also have several panel's each having their independent index . By append ,I have to write all query again for last month. 😞
I guess, i have to use report for the same.

0 Karma
Reply

DavidHourani
Super Champion
‎09-23-2019 08:49 PM

How about using an eval to create a field containing "Current Month" and "last Month" based on the time and then run a timechart by that field ?

0 Karma
Reply

avni26
Explorer
‎09-24-2019 12:12 AM

@DavidHourani yes, this can be perfect. Please share any sample query for more understanding. If possible.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-23-2019 06:55 AM

Have you looked at the timewrap command?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

avni26
Explorer
‎09-23-2019 07:28 AM

yes, timewrap will not work in my query , as for each panel , i am just searching for last month.
Any other way?

0 Karma
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...