I need to find the difference between each date for each App_name in splunk
Right now my query just show the today number of record recieve each day per topic name/ Appname. I want to find out the percentage difference of record for each day from its previous day.
index="platform" sourcetype="logs" | rex "sent:\s(?\d+)\sfrom the file\s:\s(?[\w\.\/\_\-]+)\s" | rex field=source "\.(?[\w\/\_\-]+)\." | timechart span=24h sum(record) as records by topic_name
Can someone help
↧