Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

index=Network_data memory_raw!="" | table _time cust_id memory_raw |bin _time span=1d | stats avg(memory_raw) by _time cust_id

akhil36109
New Member
‎01-24-2018 07:02 AM

Hello everyone,
In the above command i got the average memory raw per customer for a day(span=1d).
But i need it for last 14DAYS or atleast for the last 7 days .

i am trying to use "Snap to" but it is not working,could you please help me.
Thank you very much!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎01-24-2018 08:14 AM

hey you can try something like this..also you do not need to add table command as it seems unnecessary for me!
for last 7 days

index=Network_data memory_raw!=""  earliest=-7d latest=now |bin _time span=1d | stats avg(memory_raw) by _time cust_id

for last 14 days

    index=Network_data memory_raw!=""  earliest=-14d latest=now |bin _time span=1d | stats avg(memory_raw) by _time cust_id

let me know if this helps!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎01-24-2018 08:14 AM

hey you can try something like this..also you do not need to add table command as it seems unnecessary for me!
for last 7 days

index=Network_data memory_raw!=""  earliest=-7d latest=now |bin _time span=1d | stats avg(memory_raw) by _time cust_id

for last 14 days

    index=Network_data memory_raw!=""  earliest=-14d latest=now |bin _time span=1d | stats avg(memory_raw) by _time cust_id

let me know if this helps!

0 Karma
Reply
Solved! Jump to solution

akhil36109
New Member
‎01-24-2018 08:40 AM

Thank you!
ya bro now i got each day avg(memory_raw) for last 14 days of each cust_id .

My questions is :

Can i take this data and feed to Machine learning too kit and predict the numeric fieds which is avg(numeric_raw) for next 10 days??

0 Karma
Reply
Solved! Jump to solution

mayurr98
Super Champion
‎01-24-2018 08:47 AM

yes you can,if you have expertise to which algorithm to use and how to feed this in machine learning toolkit.
I do not know how to feed to ML toolkit as I do not have experience on ML.
And if you do not know how to do it then I suggest you to open new ticket ask a question about how can feed this search query to ML toolkit. Also search on splunk answers, if your requirement is already there or not!

let me know if this helps!

0 Karma
Reply
Solved! Jump to solution

akhil36109
New Member
‎01-24-2018 10:22 AM

thank you bro you helped me a lot but i think i need to learn ML

0 Karma
Reply
Solved! Jump to solution

493669
Super Champion
‎01-24-2018 07:35 AM

have you tried to change time range to "Last 7 days"

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...