Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Weekly change percentage query

dhavamanis
Builder
‎04-22-2016 11:02 AM

Can you please help us to find the weekly change percentage, we have a splunk query

 index="mobileapps" sourcetype="mobileiostsv" Title="*" Brand="*" Status="Published" NOT (Type="Update" OR Type="In-App             Purchase") | eval week = strftime(relative_time(_time,"@w0"),"%m/%d/%Y")
 | stats sum(Units) as Downloads values(Brand) as Brand by Title week
 | append [search index="mobileapps" sourcetype=mobileiostsv Title="*" Brand="*" Status="Published" Type="Update" NOT Type="In-App Purchase" | eval week = strftime(relative_time(_time,"@w0"),"%m/%d/%Y")
 | stats sum(Units) as Updates values(Brand) as Brand by Title ]| stats values(Brand) as Brand values(Downloads) as Downloads values(Updates) as Updates by Title week
 | rename Title as App | addtotals | sort by App week  | fillnull value="-"

and its giving output with these fields,

 App
 Brand
 Week
 Downloads
 Updates
 Total

from this we want to find the weekly change percentage, like below output,

 App1, Brand1, 04/17/2016, 50, 50, 100, 10%
 App1, Brand1, 04/10/2016, 40, 50, 90,  12.5%
 App1, Brand1, 04/03/2016, 30, 50, 80,  -
 App2, Brand2, 04/17/2016, 40, 50, 90,  77.78%
 App2, Brand2, 04/10/2016, 10, 10, 20,  -
 App3, Brand3, 04/17/2016, 10, 10, 20,  -75%
 App3, Brand3, 04/10/2016, 10, 10, 80,  -

Also with another one report order by week date only with all the columns.

 App1, Brand1, 04/17/2016, 50, 50, 100, 10%
 App2, Brand2, 04/17/2016, 40, 50, 90,  77.78%
 App3, Brand3, 04/17/2016, 10, 10, 20,  -75%
 App1, Brand1, 04/10/2016, 40, 50, 90,  12.5%
 App2, Brand2, 04/10/2016, 10, 10, 20,  -
 App3, Brand3, 04/10/2016, 10, 10, 80,  -
 App1, Brand1, 04/03/2016, 30, 50, 80,  -
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎04-22-2016 11:40 AM

Try something like this

For requirement 1

Your current search | sort 0 App Brand week | streamstats current=f window=1 values(Total) as prev by App Brand | eval change=coalesce(round((Total-prev)*100/prev,1),"-") | fields - prev  | sort 0 App Brand  -week

For requirement 2

Your current search | sort 0 App Brand week | streamstats current=f window=1 values(Total) as prev by App Brand | eval change=coalesce(round((Total-prev)*100/prev,1),"-") | fields - prev  | sort 0  -week App Brand

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎04-22-2016 11:40 AM

Try something like this

For requirement 1

Your current search | sort 0 App Brand week | streamstats current=f window=1 values(Total) as prev by App Brand | eval change=coalesce(round((Total-prev)*100/prev,1),"-") | fields - prev  | sort 0 App Brand  -week

For requirement 2

Your current search | sort 0 App Brand week | streamstats current=f window=1 values(Total) as prev by App Brand | eval change=coalesce(round((Total-prev)*100/prev,1),"-") | fields - prev  | sort 0  -week App Brand
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...