Hi,
I have a query which should ideally give me results for the Last week and the current week Request count.
index=data earliest=-1w@w latest=now | eval Latency=case(walltime<500, "0-0.5s", walltime>=500 AND walltime<1000, "0.5s-1s",walltime>=1000 AND walltime<3000, "1s-3s", walltime>=3000 AND walltime<6000, "3s-6s",walltime>=4000 AND walltime<10000, "6s-10s",walltime>=10000 AND walltime<30000, "10s-30s", walltime>=30000, ">=30s")| timechart span=1w count as RequestCount by Latency
When represented in a single value, it should result me single value of current week along with trendline compared with previous week. But the above query results for both previous week & latest week not the recent 3 days in current week, which is wrong. Here is the preview of the result
![alt text][1]
How do i represent only the current week's result value alone displayed compared with previous week to show how much in percent less/more the count is ?
Also is it possible to schedule this as a search and have it indexed in summary index. For example, Say every week, i run a query to get that week's result in the name "Previous_week", how do i compare with current week result with the summarized result under the source "Previous_week" ?
[1]: /storage/temp/255750-screen-shot-2018-08-21-at-120108-pm.png
↧