I am attempting to calculate a running average with autoregress for a count of errors across a group of servers. I'm using the following query to get the data in 5-minute slices
index="m...
...nd it works fine but is a bit messy. I feel like I could use autoregress to tidy things up, but I cannot find a way to autoregress by site ID.
My current base search leaves a table that is sorted b...
...o-subtract-one-days-hours-from-previous-days-to-create/m-p/575093/highlight/true#M200392 In similar cases I tended to use autoregress which behaves more or less the same. The question is - what a...
I am trying to make a chart using autoregress with the previous 365 values/days... My time range needs to be at least 730 days to gather the proper data. This works fine, but I only want the c...
We have a bug in our software that is spamming out identical log messages (different timestamps) - when it's only supposed to log changes in value. The application is reading a field device (Modbus p...
I have this query, where I want to build a dataset from a variable and its 4 previous values. I can solve this like so: | makeresults
| eval id=split("a,b,c,d,e,f,g",",")
| e...
Hi,
I would like to monitor one value of each event. When it keeps increasing after 5 events, an alarm should be triggered. I use autoregress to generate the difference between the c...
Hi,
I have created a field, "from", which is a concatenation of 2 string fields, as follows: index = ..... | eval time_epoch = strptime('SESSION_TIMESTAMP', "%Y-%m-%d %H:%M:%S") | convert ctime(...