Hello everyone I’ve been trying to do this on my own for quite some time now and I’ve finally decided to ask for help. I will try to make this as clear as possible
What I need: I want to calculate the difference between the current value and the mean.
The specifics: Specifically I am tracking the number of TCP connections across several servers. Specifically I want to track Connections_Established overtime. Given the fluctuations I’ve decided that I want an alert to go off when the current value is (x) times greater than the mean. In this example I would take a 5 minute period and calculate the mean of “Connections_Established”.
|mean(‘Connections_Establsihed’)
.as(‘stat’)
Then I would calculate the current value and then check the difference between the current value and the mean and if the difference >= (x) it would alert accordingly.
What have I tried: I have tried calculating both data points from the same from node. I also created two separate data streams and then joined the streams together and ran the eval(“current” = “stat”) but that also didn’t return any results. I’ve tried googling the crap out of this and what I have found are people who are trying to compare 2 datapoints from two different fields. In this case I am trying to calculate the difference of datapoints from the same field.
Is this possible?
