Hi all, I want to find the difference between two values (values.in65To127OctetFrames). My data is like below. {"name":"ethernet_counter","timestamp":1717838243109,"tags":{"interface_name":"Ethern...
See more...
Hi all, I want to find the difference between two values (values.in65To127OctetFrames). My data is like below. {"name":"ethernet_counter","timestamp":1717838243109,"tags":{"interface_name":"Ethernet48","source":"sri-devgrp-prert00","subscription-name":"ethernet_counter"},"values":{"in65To127OctetFrames":2922198453881}}
{"name":"ethernet_counter","timestamp":1717837943109,"tags":{"interface_name":"Ethernet48","source":"sri-devgrp-prert00","subscription-name":"ethernet_counter"},"values":{"in65To127OctetFrames":2922102453899}}
{"name":"ethernet_counter","timestamp":1717837643345,"tags":{"interface_name":"Ethernet48","source":"sri-devgrp-prert00","subscription-name":"ethernet_counter"},"values":{"in65To127OctetFrames":2922006507704}} I tried the following SPL, but I received "Error in 'EvalCommand': Type checking failed. '-' only takes numbers.". index=gnmi name=ethernet_counter tags.source=sri-devgrp-prert00 earliest=06/08/2024:08:00:00 latest=06/08/2024:09:22:00
| sort _time
| streamstats current=f last(values.in65To127OctetFrames) as previous_value by tags.interface_name
| eval value_diff = values.in65To127OctetFrames - previous_value
| table _time tags.interface_name value_diff I am very new to splunk. Could someone help me to write a proper SPL? Many thanks, Kenji