cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Menorel
Loves-to-Learn
Member since: ‎09-08-2021
‎09-09-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-08-2021
Activity Feed
View All

Re: percent change over time

by in Other Usage
‎09-09-2021 07:14 AM
‎09-09-2021 07:14 AM
@bowesmana  I updated the Index with mine I am not sure about what the sourcetype would be.  in the searches that I was attempting to put together, I was using data=data=billing_card but replacing sourcetype with billing_card or setting it equal to sourcetype it retrieves no data. I redacted the last two lines of code to see if there just was not anything meeting those criteria for the search and I get: column Previous 2hr Previous 1hr Change diff NULL 100.00 100.00 0.00 0.00   If I just leave sourcetype in I get I am guessing the sources   ... View more

percent change over time

by in Other Usage
‎09-08-2021 11:41 AM
‎09-08-2021 11:41 AM
Hello All, Been trying to get the hang of syntax within Splunk and have been able to sus out a basic understanding, true to form for myself, I usually end up jumping into the deep end when I do things, so bear with me. I am attempting to creat a report/search/dashboard that looks over the last four hours and will display the largest percent increase of a value. The field is BIN currently stored as a numerical value, I have tried the tostring command to transform it but usually ends up as no values being returned or them all being grouped together. But I digress, how would I first create a search/table view that would be updated along a described timeframe lets say every hour where it looks at the previous timeframe as a percentage of total records for that timeframe and calculates the percentage increase of the two timeframes and filters to see the top 20 increases? Example: I would want to ignore any decreasing values and possibly only see the top 20 that had increased that are greater than or equal to a 15% increase.   BIN Percent 2 hour ago Percent 1 hr ago Pecent change 123456 10% 12% 16.7% 234561 10% 8% -25% 345612 30% 25% -20% 456123 35% 30% -16.7% 561234 15% 25% 40%   ... View more
Labels

New to Splunk

by in Dashboards & Visualizations
‎09-08-2021 08:25 AM
‎09-08-2021 08:25 AM
Hello All, Been trying to get the hang of syntax within Splunk and have been able to sus out a basic understanding, true to form for myself, I usually end up jumping into the deep end when I do things, so bear with me. I am attempting to creat a report/search/dashboard that looks over the last four hours and will display the largest percent increase of a value. The field is BIN currently stored as a numerical value, I have tried the tostring command to transform it but usually ends up as no values being returned or them all being grouped together. But I digress, how would I first create a search/table view that would be updated along a described timeframe lets say every hour where it looks at the previous timeframe as a percentage of total records for that timeframe and calculates the percentage increase of the two timeframes and filters to see the top 20 increases? Example: I would want to ignore any decreasing values and possibly only see the top 20 that had increased that are greater than or equal to a 15% increase.   BIN Percent 2 hour ago Percent 1 hr ago Pecent change 123456 10% 12% 16.7% 234561 10% 8% -25% 345612 30% 25% -20% 456123 35% 30% -16.7% 561234 15% 25% 40%     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-09-2021 11:55 AM