How to use timechart to show increase in recent 7 ... - Splunk Community

Splunk Search

hey, I cant use |timechart count span=1d to calculate recent 8 days count, search result as follow:

_time           count
2020/05/21       100
2020/05/22       120
2020/05/23       180
2020/05/24       200
2020/05/25       270
2020/05/26       380
2020/05/27       490
2020/05/28       680

now,I want to calculate the increase quantity of each day compared with the previous day. The results should be as follows

    _time           increase 

    2020/05/22       20
    2020/05/23       60
    2020/05/24       20
    2020/05/25       70
    2020/05/26       110
    2020/05/27       110
    2020/05/28       190

then use timechart show the increase quantity |timechart count span=1d

is there have a simple search statement to do it?

|timechart count span=1d
| delta count as increase
| table _time increase

use delta

Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...