Hello,
I have a query like this:
action="dateAccuracy" OR action="updateDate->handleEvent[dateAccuracy]" | reverse | streamstats sum(total_dates_correct) as totalDatesCorrectRunning, sum(total_datetypes) as totalDatesRunning | eval runningAverage=round((totalDatesCorrectRunning/totalDatesRunning)*100, 2) | stats values(runningAverage) by _time | stats earliest("values(runningAverage)") by _time
The result looks like this:
_time earliest(values(runningAverage))
2019-10-21 07:06:06 15.93
2019-10-21 07:06:08 15.97
2019-10-21 07:06:10 15.94
2019-10-21 07:06:11 16.00
2019-10-22 07:06:11 15.00
2019-10-22 07:08:12 16.77
How would I filter these results to show the last value of earliest(values(runningAverage)) by day?
Ex:
_time earliest(values(runningAverage))
2019-10-21 16.00
2019-10-22 16.77
Thanks