Hi,
I posted this question before, but was unable to attach the picture later in the thread. I am looking to add a column that gives me the % Difference. The formula is this: ((5_Day_Avg - currentDay) /5_Day_Avg) *100 .
My search looks like this:
index=csl_dblogs | rename TRUNC_CREATION_TIME as Date2 | rename SOURCE_SYSTEM_NAME as Source_System | Rename COUNT as Count | eval Date=strftime('Date', "%m-%d-%Y") | chart values(COUNT) over Source_System by Date | addtotals fieldname=Total | eval 5_Day_Avg=round(Total/5) | eval currentDay=if(Date>now(), 0, Count)
Based on the picture, I would need just 1 column that represents the difference based on the formula provided. However, I am having a problem extracting the values of the current day's field. Right now, it shows 10/27/2015 as the current day, but the DB will index 10/28 files later today (which will be Current Day). I know I need an if statement, but i tried with the one above and it doesn't exactly work. Any help is greatly appreciated.
... View more