Use Case: Comparing Averages over Search Intervals

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Reading time: 0 minutes

You can compare the average (m1) of a search over the last 24 hours with the latest 1 hour of the same average (m1). Run the search on 24h for that.

logscale Syntax

filters...
| [avg(m1,as=all), bucket(function=avg(m1,as=lastHour), span=1h)]
| rename(_bucket,as=@timestamp)
| tail(2)
| head(1)

That calculates the average over whatever the search interval (max 1500 hours) and gets you that next to the average of the latest hour. In this case for the field "m1".

Knowledge Base

Use Case: Comparing Averages over Search Intervals

Enter search term