I need help with a correlation query where the aim is to find the count of a particular type of event in the last 1 hour, the event count for the same hour on the same day last week, and the average event count for the same hour and same day over the last x weeks. These values can then be compared to raise alerts in the system.
Example:
Let's say the measuring period is 1h, and say we are running the query on Monday at 10:10 AM in week 32. Then we need:
- [some search] event count for the measuring period, which is: Monday 9AM-10AM in week 32
- [some search] event count for the same period last week, which is: Monday 9AM-10AM in week 31
- [some search] average event count for the same period over the last X (say 4) weeks, which is: Monday 9AM-10AM in week 31, Monday 9AM-10AM in week 30, Monday 9AM-10AM in week 29, Monday 9AM-10AM in week 28
I would really appreciate your help in pointing me in the right direction or any example.
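The three-window comparison described in the post, as an added example that is not part of the original post and not tied to any particular SIEM's query language: it aligns the measuring window to the last complete hour before the run time, shifts that window back by whole weeks (so "same day, same hour" holds), and flags the current count against last week and the X-week average. The event timestamps, the week 32 date, the threshold factor and the alert floor are all constructed assumptions; naive local timestamps are used, so DST shifts are not handled.

```python
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample input (not real log data): timestamps of one event type.
# Week 32 Monday is taken as 2023-08-07; the query "runs" at 10:10 that day.
RUN_AT = datetime(2023, 8, 7, 10, 10)
PERIOD = timedelta(hours=1)
WEEKS_BACK = 4  # the "X" in the question

def _events_in(day_start, count):
    # Spread `count` events across the 09:00-10:00 window of the given day.
    return [day_start + timedelta(hours=9, minutes=5 * i) for i in range(count)]

MONDAY_W32 = datetime(2023, 8, 7)
EVENTS = (
    _events_in(MONDAY_W32, 12)                        # week 32: 12 events
    + _events_in(MONDAY_W32 - timedelta(weeks=1), 4)  # week 31: 4
    + _events_in(MONDAY_W32 - timedelta(weeks=2), 6)  # week 30: 6
    + _events_in(MONDAY_W32 - timedelta(weeks=3), 5)  # week 29: 5
    + _events_in(MONDAY_W32 - timedelta(weeks=4), 5)  # week 28: 5
    + [MONDAY_W32 + timedelta(hours=10, minutes=5),   # 10:05 today: outside window
       MONDAY_W32 - timedelta(days=1, hours=-9)]      # Sunday 09:00: wrong day
)

def measuring_window(run_at, period=PERIOD):
    """Last complete period before run_at: a 10:10 run yields [09:00, 10:00)."""
    end = run_at.replace(minute=0, second=0, microsecond=0)
    return end - period, end

def count_between(events, start, end):
    return sum(1 for t in events if start <= t < end)

def baseline(events, run_at=RUN_AT, weeks_back=WEEKS_BACK):
    """Current-window count, the same window last week, and the X-week average."""
    start, end = measuring_window(run_at)
    # Shifting by whole weeks keeps weekday and hour fixed, as the question requires.
    per_week = [count_between(events, start - timedelta(weeks=w), end - timedelta(weeks=w))
                for w in range(1, weeks_back + 1)]
    return {"current": count_between(events, start, end), "last_week": per_week[0],
            "avg_weeks": mean(per_week), "per_week": per_week}

def should_alert(stats, factor=2.0, min_count=10):
    """Flag when the current count exceeds both baselines by `factor` and a floor
    (the floor avoids alerting on 1 event vs. 0 last week)."""
    cur = stats["current"]
    return (cur >= min_count and cur >= factor * stats["last_week"]
            and cur >= factor * stats["avg_weeks"])
```

For the constructed data `baseline(EVENTS)` gives current 12 versus 4 last week and a 5.0 four-week average, so `should_alert` returns True; the 10:05 and Sunday events are correctly excluded.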