I have a chart with durations, and I want to add a line over the chart with values as avg(duration). I used the query below, and it works perfectly.
index=cloudfoundry sourcetype=cl**** "cf_foundation=px**" "cf_org_name=Co***" "cf_space_name=de***" "cf_app_name=splunk-log****" "||splunk-logger||"
| dedup processLogId
| sort -splunkId
| search endDate !=null AND status='COMPLETED'
| eval start_epoch=strptime(startDate,"%Y-%m-%d %H:%M:%S.%1N")
| eval _time=start_epoch
| eval end_epoch=strptime(endDate,"%Y-%m-%d %H:%M:%S.%1N")
| eval duration=round((end_epoch-start_epoch)/60)
| chart values(duration) as duration by processLogId
| eventstats avg(duration) as avg_duration
But now my requirement has changed: the chart should be based on the last 30 days (may vary), and the trendline should be based only on the last 7 days.
Kindly help me to do it.