I believe there is no report Splunk cannot produce, but I'm having trouble with this one. I'd like to generate a report that compares the last 30 days' average duration with the last 90 days' average duration and shows the increase/decrease. I am having no trouble getting the last 90 day average, but I can't figure out how to include the last 30 day average in the same query... The data I'm working with is similar to this:
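
| date | Job | Duration |
|---|---|---|
| 9/1/2022 | Job1 | 33 |
| 9/1/2022 | Job2 | 12 |
| 9/1/2022 | Job3 | 128 |
| 9/2/2022 | Job1 | 14 |
| 9/2/2022 | Job2 | 99 |
| 9/2/2022 | Job3 | 128 |
| 9/3/2022 | Job1 | 16 |
| 9/3/2022 | Job2 | 33 |
| 9/3/2022 | Job3 | 22 |
| 9/4/2022 | Job1 | 196 |
| 9/4/2022 | Job2 | 393 |
| 9/4/2022 | Job3 | 192 |
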
I'd like a report that looks like this.

| Job | All Days | Last 2 Days |
|---|---|---|
| Job1 | 21 | 17 |
| Job2 | 44 | 35 |
| Job3 | 28 | 17 |

I can generate the ALL Days, but am not sure how to get the last 2 days. Here's what I have.

```
search=foo
| bucket _time span=1d
| stats sum(duration) as duration by _time, jobtype
| stats avg(duration) as duration by jobtype
```

Any gurus out there that can help?