Hi Folks,
Can you please help me to convert below splunk query into elastic query ?
It has single index and we need to put two time ranges on similar field(ChannelSessionId) and calculate percentage in both counts.
index=digital sourcetype=channel-services EntryExitLog GwpValidateTransactionInfo earliest=-245m latest=-5m
| stats dc(ChannelSessionId) as CWC by ChannelErrorCode
| join type=outer ChannelErrorCode
[ search index=digitalsourcetype=channel-services EntryExitLog GwpValidateTransactionInfo earliest=-20405m latest=-20165m
| stats dc(ChannelSessionId) as LFC by ChannelErrorCode]
| fillnull value=0
| eval deviation=round(((CWC-LFC)*100/LFC),0)
Thanks
Sajal