Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Tweaking xyseries

bmer
Explorer
‎10-18-2024 02:21 AM

Iam using splunk to generate as below.It is run for 2 days date range where am trying to compare the count

ClassName16-Oct-2417-Oct-24
ClassA544489
ClassB3947
ClassC19372100

 

My splunk query is as under

index=myindex RecordType=abc ClassName IN (
"ClassA",
"ClassB",
"ClassC")
| bucket _time span=1d
| stats avg(cpuTime) as avgCpuTime by ClassName _time
| xyseries ClassName _time avgCpuTime

I need below output which has an extra column that gives the comparision.How can we tweak this query?Is there another way to achieve this in more visually appealing manner

ClassName16-Oct-2417-Oct-24%Reduction
ClassA54448910%
ClassB3947-21%
ClassC19372100-8%
Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-18-2024 03:02 AM 
index=myindex RecordType=abc ClassName IN (
"ClassA",
"ClassB",
"ClassC")
| bucket _time span=1d
| stats avg(cpuTime) as avgCpuTime by ClassName _time
| xyseries ClassName _time avgCpuTime
| eval "%Reduction"=round(100*('16-Oct-24'-'17-Oct-24')/'16-Oct-24',0)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-18-2024 03:02 AM 
index=myindex RecordType=abc ClassName IN (
"ClassA",
"ClassB",
"ClassC")
| bucket _time span=1d
| stats avg(cpuTime) as avgCpuTime by ClassName _time
| xyseries ClassName _time avgCpuTime
| eval "%Reduction"=round(100*('16-Oct-24'-'17-Oct-24')/'16-Oct-24',0)
0 Karma
Reply
Solved! Jump to solution

bmer
Explorer
‎10-18-2024 06:23 AM

@ITWhisperer Thanks. This was helpful.I tweaked it to include more aggregate function

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...