Sumo Logic

Lab 7 - Calculating Changes and Moving Averages

This lab teaches you how to track changes and calculate moving averages for the results of query searches, using the diff and smooth operators.


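  1. Calculate the difference in the number of requests over the last 15 minutes:

     // Search scope assumed to be the same source category as in step 2.
     _sourceCategory=Labs/Apache/Access
     | timeslice 1m
     | count by _timeslice
     | sort by _timeslice asc
     | diff _count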

  2. Calculate the moving average of 404 occurrences over the last 15 minutes:

     _sourceCategory=Labs/Apache/Access and status_code=404
     | timeslice 1m
     | count as error_count by _timeslice
     | sort by _timeslice asc
     | smooth error_count as rolling_avg

Bonus: Plot them on a line bar combo chart.

Image of line bar combo chart
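
The two pipelines above, mirrored in plain Python over constructed access-log lines, as an added example that is not part of the lab: diff becomes the change from the previous minute and smooth a rolling mean, which then serves as a baseline for flagging a 404 burst. The 10-row window, the handling of the first row and of partial windows, and the `factor` spike rule are assumptions of this example.

```python
import re
from collections import Counter

# Constructed input: 404 responses per minute (HH:MM -> count); not the lab's data.
PER_MINUTE_404 = {"10:00": 2, "10:01": 3, "10:02": 2, "10:03": 3, "10:04": 12, "10:05": 2}
LOG_RE = re.compile(r'\[\d{2}/\w{3}/\d{4}:(\d{2}:\d{2}):\d{2} [^\]]+\] "[^"]*" (\d{3}) ')

def make_lines():
    """Build constructed Apache access-log lines, plus one 200 response per minute."""
    lines = []
    for hhmm, n in PER_MINUTE_404.items():
        lines += [f'10.0.0.{i} - - [12/Mar/2024:{hhmm}:{i:02d} +0000] "GET /p{i} HTTP/1.1" 404 196'
                  for i in range(n)]
        lines.append(f'10.0.0.9 - - [12/Mar/2024:{hhmm}:59 +0000] "GET / HTTP/1.1" 200 512')
    return lines

def count_404_by_minute(lines):
    """timeslice 1m | count as error_count by _timeslice | sort by _timeslice asc"""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group(2) == "404":
            counts[m.group(1)] += 1  # HH:MM key is enough for this single-day sample
    return sorted(counts.items())

def diff(values):
    """Change from the previous row; the first row has no predecessor, so None."""
    return [None] + [cur - prev for prev, cur in zip(values, values[1:])]

def smooth(values, window=10):
    """Mean of the current row and up to window-1 rows before it."""
    out = []
    for i in range(len(values)):
        chunk = values[max(0, i - window + 1): i + 1]
        out.append(sum(chunk) / len(chunk))
    return out

def analyze(lines, factor=2.0):
    """Return (minute, error_count, delta, rolling_avg, is_spike) per minute."""
    rows = count_404_by_minute(lines)
    counts = [c for _, c in rows]
    return [(t, c, d, round(a, 2), c > factor * a)
            for (t, c), d, a in zip(rows, diff(counts), smooth(counts))]

if __name__ == "__main__":
    for row in analyze(make_lines()):
        print(row)
```

Minutes with no 404s produce no row at all, so a delta can span a gap longer than one minute.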