Splunk Search

I have a order data, I need to trend the order for last 15 days, plotting three values high, low and current in a same graph

petersamueljohn
New Member

I have a order data, I need to trend the order for last 15 days, plotting three values high, low and current in a same graph
index=abc
sourcetype=logg
Ordertype= retail or online
and I need to trend with high low and today's value in last 15 days.

Tags (1)
0 Karma

to4kawa
Ultra Champion
| makeresults 
| eval _raw="AM,Version=08_07,NumberOfRequests=7511,LastRequestTime=3/19/2020 11:19:34 AM,InactiveTimeSpan=0.0 minutes
AM,Version=08_07,NumberOfRequests=1,LastRequestTime=3/19/2020 11:19:34 AM,InactiveTimeSpan=0.0 minutes
AM,Version=08_07,NumberOfRequests=7,LastRequestTime=3/19/2020 11:18:45 AM,InactiveTimeSpan=0.8 minutes"
| rex max_match=0 "NumberOfRequests=(?<numberofrequests>\d+)"
| rex "LastRequestTime=(?<date>\S+)"
| stats sum(numberofrequests) as total min(numberofrequests) as low max(numberofrequests) as high by date

and I need to trend with high low and today's value in last 15 days.
There is no log, so you can do it.

0 Karma

petersamueljohn
New Member

AM,Version=08_07,NumberOfRequests=7511,LastRequestTime=3/19/2020 11:19:34 AM,InactiveTimeSpan=0.0 minutes
AM,Version=08_07,NumberOfRequests=1,LastRequestTime=3/19/2020 11:19:34 AM,InactiveTimeSpan=0.0 minutes
AM,Version=08_07,NumberOfRequests=7,LastRequestTime=3/19/2020 11:18:45 AM,InactiveTimeSpan=0.8 minutes

this is for single event, i need to show the current value , which is the sum(numberofrequests) for the latest minute

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...