Hi Experts,
I need help with a Splunk query to send an alert if today's volume at the latest time is X percent different from the past two weeks' volume on the same day at the same time, using 10-minute buckets.
For the dashboard, I have used the query below, but I am not sure how to implement this in a query and send an alert, as the query below shows me the whole day's data at the same time.
sourcetype=server_volume host=xxx earliest=-23h@h latest=@m
| eval ReportKey="Today"
| append [search sourcetype=server_volume host=xxx earliest=-23h@h-1w latest=@m-1w
| eval ReportKey="LastWeek"
| eval _time=_time+60*60*24*7]
| append [search sourcetype=server_volume host=xxx earliest=-23h@h-2w latest=@m-2w
| eval ReportKey="TwoWeeksBefore"
| eval _time=_time+60*60*24*14]
| timechart span=1m count(volume) by ReportKey
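One way to turn the dashboard search above into an alert search, written here as an added example that is not part of the original post: instead of a whole-day timechart, it compares only the most recent 10-minute window (the trailing window ending at the current minute) against the same 10-minute window one and two weeks earlier, averages the two historical weeks into a baseline, and emits a row only when the percent difference crosses the threshold. The threshold value 30 is a constructed stand-in for the X percent in the question, and count(volume) is kept from the original query (use sum(volume) instead if volume is a measured quantity to be totalled rather than an event count).

```spl
sourcetype=server_volume host=xxx earliest=-10m@m latest=@m
| eval ReportKey="Today"
| append [search sourcetype=server_volume host=xxx earliest=-10m@m-1w latest=@m-1w
    | eval ReportKey="LastWeek"]
| append [search sourcetype=server_volume host=xxx earliest=-10m@m-2w latest=@m-2w
    | eval ReportKey="TwoWeeksBefore"]
| stats count(volume) AS events BY ReportKey
| stats sum(eval(if(ReportKey="Today", events, 0))) AS today
        avg(eval(if(ReportKey!="Today", events, null()))) AS baseline
| eval pct_diff=if(baseline > 0, round(abs(today - baseline) / baseline * 100, 1), null())
| where pct_diff > 30
```

Because no timechart is used, the historical subsearches no longer need the _time shift; each subsearch only contributes its event count for the matching 10-minute window. The second stats folds the three per-week rows into one row: today is summed with a default of 0 so that a window with no events today still produces a row (and therefore still alerts when the baseline is non-zero), while the baseline averages only the two historical weeks and stays null if neither week has data, in which case pct_diff is null and the where clause suppresses the alert rather than dividing by zero. Save the search as an alert scheduled with a cron expression of */10 * * * * and the trigger condition "Number of results is greater than 0"; adjust the 30 in the where clause to the X percent you need.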