Good day everyone,
I have been wrestling with a rather trivial task in Splunk but have not been able to progress with the task at all.
I have a summary index that records number of DNS queries per hour. I have attached a csv file with the content: [link text][1]
[1]: /storage/temp/273507-dnsquery-count.zip
Here is the requirement:
I need to have an aggregate of DNS query counts per day, which I can calculate with no problem:

```
index=sum_dnsquery_count earliest=-2mon@mon latest=@d
| bucket _time span=1d@d
| timechart sum(count) as Daily_DNSQuery
```
Now the challenging part is I want to calculate the daily average for the past two months and also the standard deviation of the daily count for the same time frame (past 2 months). Keep in mind the summary index minimum time value is 1 hr. And lastly I want to have a chart with the daily values with average and standard deviation superimposed on a chart.
Any help is greatly appreciated.
Thanks,
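One way to build the search described above, as an added example that is not part of the original post: it reuses the summary index and `count` field from the search in the question, and the two-standard-deviation bands and the `Outlier` column are assumptions, added so that days with unusual DNS query volume stand out when the table is rendered as a line chart.

```spl
/* Daily totals from the hourly summary index, over the same two-month window as above.
   span=1d is stated explicitly so the bucket width does not depend on timechart's auto span. */
index=sum_dnsquery_count earliest=-2mon@mon latest=@d
| timechart span=1d sum(count) AS Daily_DNSQuery

/* eventstats adds the average and standard deviation of the daily totals to every row
   without collapsing the rows, so they can be drawn as flat lines over the daily series. */
| eventstats avg(Daily_DNSQuery) AS Avg_Daily, stdev(Daily_DNSQuery) AS Stdev_Daily

/* Assumed band multiplier: two standard deviations either side of the mean.
   Lower band is clamped at 0 because a negative query count is meaningless. */
| eval Upper_Band = Avg_Daily + 2 * Stdev_Daily
| eval Lower_Band = max(0, Avg_Daily - 2 * Stdev_Daily)

/* Optional: copy the daily value into Outlier only when it leaves the band,
   so outlying days render as isolated points on the chart. */
| eval Outlier = if(Daily_DNSQuery > Upper_Band OR Daily_DNSQuery < Lower_Band, Daily_DNSQuery, null())

| table _time Daily_DNSQuery Avg_Daily Upper_Band Lower_Band Outlier
```

With `_time` as the first column, switching the visualization to a line chart draws `Daily_DNSQuery` against the constant `Avg_Daily`, `Upper_Band` and `Lower_Band` lines; the hourly granularity of the summary index is not a problem because `timechart span=1d` sums the 24 hourly rows of each day first.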