×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
jmalachoSPL64
Engager
Member since: ‎08-09-2021
‎08-10-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎08-09-2021
Activity Feed
View All

Re: Displaying difference between two search query...

by in Splunk Search
‎08-10-2021 06:42 AM
‎08-10-2021 06:42 AM
thanks venkatasri.   I threw in a fillnull to zero out the events that don't occur on particular days and it looks great. ... View more

Displaying difference between two search query sta...

by in Splunk Search
‎08-09-2021 02:40 PM
‎08-09-2021 02:40 PM
I am using the following query to retrieve events that I then display.  I would like to add another column that is the difference between the two columns. each log event has a field called app_elements={eventtype='event1','widget'='apple'), for example The query: index="aws" level="info"  env="dev" earliest=-72h latest=-48h| spath input=app_elements | stats count by eventtype | eval Period="Before" | append [search index="aws" level="info" env="dev" earliest=-24h latest=now| spath input=app_elements | stats count by eventtype | eval Period="Now" ] | chart sum(count) over eventtype by Period The current result: eventtype                             Before                    Now event1                                       10                           20 event2                                       15                           12 event3                                       22                           20 event4                                       5                                8   The desired result: eventtype                             Before                    Now                Difference event1                                       10                           20                         10 event2                                       15                           12                          -3 event3                                       22                           20                          -2 event4                                       5                                8                            3 ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-10-2021 10:02 AM
Karma given to
View All