Tip of the hat, sir, what a great response to the OP!
Currently working on something similar myself to detect Data Quality issues by comparing variations in events, host, line, punct and sourcetype counts when compared to the same period over the preceding 4 weeks.
Lots of inspiration in this answer!
Many thanks