Following is the result we got:

Action_Name  Time     Count
ABC          1:15 AM  100
ABC          1:30 AM  200
ABC          1:45 AM  300
ABC          2:00     50
Now I want to compare row 2 (1:30 AM), Count: 200, with row 4 (2:00 AM), Count: 50.
I am new to Splunk and I don't know how to do it.
Following is the Splunk query:
index=... sourcetype= .... | bucket _time span=15m | stats count by Action_Name,_time