Splunk Search

How to find average power consumption from two sourcetype?

boney_s
Explorer

Hai friends,

I have logged two SIMILAR files in splunk, which contains details of different meters like voltage,current,power consumption etc. of two seasons along with timestamp (which are saved in two different logs). How can I compute the "difference" in average power consumption of each meter in two seasons seperately. Also if the consumption is greater than a threshold value I need to write it in to a database. Every fields of two files are same and only difference is in their filename. First line of log is shown below:
Date=2014-11-13 MeterId=75842578 Voltage=227.25 Current=29.5554 KwAC=6.71646 KW=12.954 Frequency=49.7778

Thanks in advance

Tags (2)
0 Karma

somesoni2
Revered Legend

Try something like this

index=YourIndex source=Season1LogFile OR source=Season2LogFile | chart avg(Voltage) as Voltage avg(Current) as Current avg(KwAC) as KwAC avg(KW) as KW over MeterId by source

THis should give you a side by side comparison of avg of different fields from both sources.

0 Karma

boney_s
Explorer

That's fine for finding the average value. Below is the logic that i need to do it in splunk:

1. if( avg(Current of Season1LogFile) - avg(Current of SeasonFile2LogFile)  > 7 )
            1. Display it in a chart
            2. Write the value to a database table

The average value of Current should be compared based on per MeterID basis

0 Karma
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...