Solved: How can I graph today vs yesterday vs the weekly a...

carasso · ‎02-07-2014

this was asked by a customer. I'm repeating it so others can see the answer...

carasso · ‎02-07-2014

Step 1) get the Timewrap app, which adds a new "timewrap" search command.

Step 2) Search for the last 7 days and run this:

*  
| timechart count span=1h
| timewrap  d series=short
| addtotals s*
| eval 7dayavg=Total/7.0
| table _time, _span, s0, s1, 7dayavg
| rename s0 as now, s1 as yesterday

Basically, we're using timewrap over the last 7 days, and then using addtotals and eval to calculate the average over those 7 days. We then rename fields and cut out days 3-7, because we only wanted today, yesterday, and the weekly average.

View solution in original post

carasso · ‎02-07-2014

Step 1) get the Timewrap app, which adds a new "timewrap" search command.

Step 2) Search for the last 7 days and run this:

*  
| timechart count span=1h
| timewrap  d series=short
| addtotals s*
| eval 7dayavg=Total/7.0
| table _time, _span, s0, s1, 7dayavg
| rename s0 as now, s1 as yesterday

Basically, we're using timewrap over the last 7 days, and then using addtotals and eval to calculate the average over those 7 days. We then rename fields and cut out days 3-7, because we only wanted today, yesterday, and the weekly average.

How can I graph today vs yesterday vs the weekly average?

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?