Hello, I have a problem comparing responseTime field last minute with last week (monday - sunday).
Below query give the results what i am seeking for, but append command limits to 50000 events, So avg(responseTime) is not accurate for the last week.
index=abc sourcetype=123
| eval responseTime1=responseTime/1000
| append [search index=abc earliest=-1w@w1 latest=@w1 sourcetype=123 | eval responseTime7=responseTime/1000 ]
| stats avg(responseTime1) AS one avg(responseTime7) AS two by application
I have tried many examples which i found in splunk answers but none of them are suitable for my requirement.
Can someone help me with this one?
Thank you very much in advance!...
↧