Hello,
here is what I try to do: I want to know if my todays average duration is slower or faster than my average duration from the last 7 days. If it is higher I want to receive a notification. Assuming that right now we have 2pm I want todays average from 00am until 2pm compared to the average of the same timespan but for the last 7 days. I came up with a solution in 2 separate graphs which looks like this:
1: todays average
index=myindex host=myhost
source="*access_log" duration!="" NOT "status" (date_hour > 00 AND date_hour < now)|eval apacheDuration=apacheDuration/1000 |stats avg(duration) by host
2: avarage of the last 7 days for the same timespan
index=myindex* host="my host
source="*access_log" duration!="" NOT "status" earliest=-7d latest=now (date_hour > 00 AND date_hour < now) | stats avg(duration) by host |eval apacheDuration=apacheDuration/1000
Is there a way to combine those to in 1 graph and make it able to send me notifications if the average time of today is higher than the average? It would be even better if I could plot the deviation.
I thought about something like this which obviously doesn't work:
dataset:
index=myindex host=myhost
source="*access_log" duration!="" NOT "status" (date_hour > 00 AND date_hour < now)|eval apacheDuration=apacheDuration/1000 |stats avg(duration) by host as avaragethoday
dataset
index=myindex* host="my host
source="*access_log" duration!="" NOT "status" earliest=-7d latest=now (date_hour > 00 AND date_hour < now) | stats avg(duration) by host as avarageWeek |eval apacheDuration=apacheDuration/1000
eval spike=if(avarageToday >1.2 * avarageWeek, avarageToday, 0) + show em the difference between avarageToday and avarageWeek
... View more