Solved: Tweaking xyseries

bmer · ‎10-18-2024

Iam using splunk to generate as below.It is run for 2 days date range where am trying to compare the count

ClassName	16-Oct-24	17-Oct-24
ClassA	544	489
ClassB	39	47
ClassC	1937	2100

My splunk query is as under

index=myindex RecordType=abc ClassName IN (
"ClassA",
"ClassB",
"ClassC")
| bucket _time span=1d
| stats avg(cpuTime) as avgCpuTime by ClassName _time
| xyseries ClassName _time avgCpuTime

I need below output which has an extra column that gives the comparision.How can we tweak this query?Is there another way to achieve this in more visually appealing manner

ClassName	16-Oct-24	17-Oct-24	%Reduction
ClassA	544	489	10%
ClassB	39	47	-21%
ClassC	1937	2100	-8%

ITWhisperer · ‎10-18-2024

index=myindex RecordType=abc ClassName IN (
"ClassA",
"ClassB",
"ClassC")
| bucket _time span=1d
| stats avg(cpuTime) as avgCpuTime by ClassName _time
| xyseries ClassName _time avgCpuTime
| eval "%Reduction"=round(100*('16-Oct-24'-'17-Oct-24')/'16-Oct-24',0)

View solution in original post

ITWhisperer · ‎10-18-2024

index=myindex RecordType=abc ClassName IN (
"ClassA",
"ClassB",
"ClassC")
| bucket _time span=1d
| stats avg(cpuTime) as avgCpuTime by ClassName _time
| xyseries ClassName _time avgCpuTime
| eval "%Reduction"=round(100*('16-Oct-24'-'17-Oct-24')/'16-Oct-24',0)

bmer · ‎10-18-2024

@ITWhisperer Thanks. This was helpful.I tweaked it to include more aggregate function

Tweaking xyseries

stats

table

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

Leverage Cisco Talos Threat Intelligence Across Splunk Security Products

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!