Hello Everyone,
I am trying to count the events for the window 8PM (Day1) to 6AM (Day2) for the last 3 days so that I can compare the count of the events for the last 2 time windows.
Assuming I am running the query today (i.e. 9/10/2019) then:-
Window 2:- 8PM(7/10/2019 i.e. Day3) to 6AM(8/10/2019 i.e. Day2)
Window 1:- 8PM(8/10/2019 i.e. Day2) to 6AM(9/10/2019 i.e. Day1)
Is there any way to count events for these specific windows and then do a compare using TIMECHART/TIMEWRAP?
I tried to use the below query after working out the earliest and latest times using the time picker advanced tab, but that is not giving me the results for the 2 time windows I am trying to compare.
Index=syslog JOBNAME="XX*" earliest=-3d@h+32h latest=@d+06h
| timechart useother=f count as count
| timewrap d
Or if there is any better way of doing/representing it, then please let me know.
Thanks,
Rajat