Compare Link Metrics Across Time
Use the compare command to compare metrics generated in link analysis to the previous time windows.
The following example query compares the data transfer between two IPs across the previous four days by using the compare command:
'Log Source' = 'OCI VCN Flow Unified Schema Logs'
| eval 'Bytes Transferred' = unit('Content Size Out', byte)
| link Time, 'Source IP', 'Destination IP'
| stats sum('Bytes Transferred') as 'Transfer Size'
| compare fields = 'Transfer Size' timeshift = -1day count = 4
The resulting histogram chart indicates the comparison.
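The comparison that the query above requests can be reproduced offline to see which windows are involved. This Python sketch is an added example, not part of the original page and not Oracle's implementation. It assumes each comparison window is the query time range shifted back by one day, four times. The flow records, the function names and the spike threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: (timestamp, source IP, destination IP, bytes out).
FLOWS = [
    (datetime(2024, 5, 5, 10, 0), "10.0.0.5", "10.0.1.9", 9_000_000),
    (datetime(2024, 5, 5, 14, 0), "10.0.0.5", "10.0.1.9", 6_000_000),
    (datetime(2024, 5, 4, 11, 0), "10.0.0.5", "10.0.1.9", 1_200_000),
    (datetime(2024, 5, 3, 9, 30), "10.0.0.5", "10.0.1.9", 1_000_000),
    (datetime(2024, 5, 2, 16, 0), "10.0.0.5", "10.0.1.9", 1_100_000),
    (datetime(2024, 5, 1, 8, 15), "10.0.0.5", "10.0.1.9", 900_000),
    (datetime(2024, 5, 5, 12, 0), "10.0.0.7", "10.0.1.9", 500_000),
    (datetime(2024, 5, 4, 12, 0), "10.0.0.7", "10.0.1.9", 480_000),
    (datetime(2024, 5, 3, 12, 0), "10.0.0.7", "10.0.1.9", 510_000),
    (datetime(2024, 5, 2, 12, 0), "10.0.0.7", "10.0.1.9", 495_000),
    (datetime(2024, 5, 1, 12, 0), "10.0.0.7", "10.0.1.9", 505_000),
]


def compare_transfer_size(flows, start, end, timeshift=timedelta(days=-1), count=4):
    """Sum bytes per (source, destination) link for the window [start, end)
    and for `count` earlier windows, each shifted by a further `timeshift`.
    Index 0 of each list is the current window, index k the k-th shift."""
    totals = defaultdict(lambda: [0] * (count + 1))
    for ts, src, dst, size in flows:
        for k in range(count + 1):
            if start + k * timeshift <= ts < end + k * timeshift:
                totals[(src, dst)][k] += size
    return dict(totals)


def flag_spikes(totals, factor=3.0):
    """Return links whose current total exceeds `factor` times the mean of
    the previous windows (hypothetical threshold, tune per environment)."""
    flagged = []
    for link, sizes in totals.items():
        current, previous = sizes[0], sizes[1:]
        baseline = sum(previous) / len(previous)
        if baseline > 0 and current > factor * baseline:
            flagged.append(link)
    return flagged


if __name__ == "__main__":
    result = compare_transfer_size(FLOWS, datetime(2024, 5, 5), datetime(2024, 5, 6))
    for link, sizes in result.items():
        print(link, sizes)
    print("spikes:", flag_spikes(result))
```

A link whose current-window total sits far above its four earlier windows is the kind of change the comparison chart is meant to surface for review.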