I have a dashboard on weekly bandwidth usage, and would like to get trending on the multiple reports that use the Single Value Visualisation to show if it was up/down from the previous week. But not sure which command I should be using, one of my searches as an example is for avg. bandwidth per users:
... | stats sum(bandwidth_total) as Bandwidth by user
| stats avg(Bandwidth) as Bandwidth
| eval Bandwidth = tostring(Bandwidth,"commas")
Time range: Previous Week
I know the Enterprise Security app has a arrow for trending for real-time/historic data, but how do I do this in the normal search app?
↧