I have a type of event that happens about 20 times a day. Each event carries a numeric value. Meaning is found in the sum of this value for each day.
To be able to compare the current day's sum, I want an average of this sum for the past 30 days. But not only that, I want a history of this average sum for each span of the past 30 days from now.
Today is 10/5, and I want to see the average of the daily sum for 10/05 -> 09/05, 09/05 -> 08/05, 08/05 -> 07/05, etc. for the past 6 months.
So far I've done this:
sourcetype=BatchLog name=OperationInsertionBatchJob entitiesProcessed > 0 | bucket _time span=day | stats sum(entitiesProcessed) AS totalEntitiesProcessed BY _time | eval kTotalEntitiesProcessed = totalEntitiesProcessed / 1000 | timechart avg(kTotalEntitiesProcessed) span=30d
Back to reality, I only have data since a few days ago, so the result should only show me one metric: the last 30 days.
But unfortunately, as today is 10/05, it shows me a value for 2017-09-29 and for 2017-08-30.
The time interval I selected is from now to the last 6 months, no snap-to/now.