I display two different graphs by using the following strings.
"Sending" earliest=-7days | eval gigabytes=((bytes/1024)/1024) | timechart span=1day avg(gigabytes) AS "Gigabytes sent"
"Receiving" earliest=-7days | eval gigabytes=((bytes/1024)/1024) | timechart span=1day avg(gigabytes) AS "Gigabytes received"
I can display both in the same graph by:
"Sending" earliest=-7days | eval gigabytes=((bytes/1024)/1024) | timechart span=1day avg(gigabytes) AS "Gigabytes sent" | appendcols [search "Receiving" earliest=-7days | eval gigabytes=((bytes/1024)/1024) | timechart span=1day avg(gigabytes) AS "Gigabytes received"]
This gives me two lines (each has a value for one day for the past 7 days).
How do I display the difference between gigabytes sent and received? I want to display Gigabytes sent - gigabytes received for each day for the past 7 days.
↧