...ou need to somehow calculate the delta between these intervals and display it on the dashboard. Is this real? And the question is, how can I do this? Is there a rough example? Unfortunately, I have n...
I am trying to find a way to produce a column in a table to show the difference between the recieved_time and the remediation_time. Currently the Diff_in_Time field and TotalDiff_in_Time fields retur...
...earch for it but I don't know why, I can't make a clean graph for it. I would like a bar with padding to indicate the delta between my acknowledged alerts and the total alerts. Here is what my search y...
...hich I am using
index=main
|timechart span=1mon sum(OBJECT_SIZE_GB) as Size
|delta Size AS Data_Growth p=1
So first I am displaying the total size of my object as "Size" and then displaying t...
...uration_in_sec=round(avg(duration_in_ms)/1000,2)
| table agent account siteID flow duration_in_sec
I could find the delta between each event as multiple events with below | r...
...alue...
I want to compute a delta on the othertimestamp field, but the delta should be 0 if the field1 changed... I also want to see all other fields for each event.
I tried to use delta, but I...
Hi,
I have a query like:
index=XXX sourcetype=YYY |search AGE = "*" NAME="CIA" OR NAME="FIA" |timechart span=1h sum(FIELD) as TOTAL1 | delta TOTAL1 as HERO | table _time HERO
I want m...
index=os source=df host=host1 | multikv | rex mode=sed "s/%//" | search Filesystem="/dev/mapper/host1.work" | delta UsePct | table *
Without looking at the table it appears the rex command worked....
...ield)
syslog-ng "Log statistics" host="sc4-cron*" | rex "(?i)^(?:[^=]=){2}(?P[^'])(?=')" | search DROPPED="" | delta DROPPED as DROPPEDDIFF | search DROPPEDDIFF=""
this works fine on a single h...