Hello Everyone,
How can I optimize this query? It is taking too much time. I am creating 4 windows in a day and getting the average number of events over 14 days for each particular window. This will become the baseline, and I can check for a spike or drop in events of 300%. Please suggest something.
" index=* | stats sum(eval(date_hour>=0 AND date_hour<10)) as "L1", sum(eval(date_hour>=10 AND date_hour<12)) as "L2" ,sum(eval(date_hour>=12 AND date_hour<18)) as "L3",sum(eval(date_hour>=18 AND date_hour<24)) as "L4" by device_name | eval L1=round(L1/14,0)| eval L2=round(L2/14,0) | eval L3=round(L3/14,0) | eval L4=round(L4/14,0) | fillnull | outputlookup device_threshould_baseline.csv"
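The baseline-and-compare logic described in the post, as an added Python example that is not part of the original post and is not Splunk code. It assumes events arrive as (timestamp, device_name) pairs, that "300%" means three times above or one third below the baseline, and that ties round half up; the device name and counts are constructed sample data.

```python
from collections import Counter
from datetime import datetime, timedelta

# Window boundaries copied from the query: start_hour <= date_hour < end_hour
WINDOWS = {"L1": (0, 10), "L2": (10, 12), "L3": (12, 18), "L4": (18, 24)}
BASELINE_DAYS = 14
FACTOR = 3.0  # assumption: "300%" = 3x above, or 1/3 below, the baseline


def window_of(ts):
    """Return the window label (L1..L4) for a timestamp's hour."""
    for name, (start, end) in WINDOWS.items():
        if start <= ts.hour < end:
            return name


def build_baseline(events):
    """events: iterable of (datetime, device_name) spanning BASELINE_DAYS days."""
    totals = Counter((dev, window_of(ts)) for ts, dev in events)
    devices = {dev for dev, _ in totals}
    # Average per day, rounded half up (assumption); windows with no events
    # become 0, which is what fillnull does in the query.
    return {dev: {w: int(totals[(dev, w)] / BASELINE_DAYS + 0.5) for w in WINDOWS}
            for dev in devices}


def classify(baseline, device, window, count):
    """Compare one window's count for today against the stored baseline."""
    expected = baseline.get(device, {}).get(window, 0)
    if expected == 0:
        # No history for this device/window: any traffic at all is new.
        return "spike" if count > 0 else "normal"
    if count >= expected * FACTOR:
        return "spike"
    if count <= expected / FACTOR:
        return "drop"
    return "normal"


def sample_events():
    """Constructed data: 'fw01' logs 20 events/day at 09:00 and 6/day at 11:00."""
    start = datetime(2024, 1, 1)
    events = []
    for day in range(BASELINE_DAYS):
        d = start + timedelta(days=day)
        events += [(d.replace(hour=9), "fw01")] * 20
        events += [(d.replace(hour=11), "fw01")] * 6
    return events
```

The zero-baseline branch matters because `fillnull` writes 0 for quiet windows, and a ratio against 0 would otherwise never alert or would divide by zero.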