How can I compare an average count of events per minute in last 15 minutes (for example) and the number of events during the last one minute?
Sorry, I get.
Smth like this:
eval eventcount = 1 | eval eventcountlast = if(now() - _time <= 60, 1, 0) | stats sum(eventcount) as prev, sum(eventcountlast) as last | where last < (prev/15)/3
View solution in original post
