delta

`delta`

Use the delta command to compute the difference between a numeric property in a group, and another numeric property in a previous group, in the sort order of groups when the delta command is run. This command can be applied after any grouping command like stats, link, or timestats.

Syntax

delta [field = <sub_field_name>] [step = <step>] <field_name> [as <new_field_name>]

Parameters

The following table lists the parameters used in this command, along with their descriptions.

Parameter	Description
`sub_field_name`	Specify the name of the numeric property in the previous group to use for the computation. Default value is <field_name> if not specified.
`field_name`	Specify the name of the numeric property in the current group to use for the computation.
`step`	Specify the number of groups prior to the current group to use for the computation. Default value is `1` if not specified.

The following command groups all the fatal logs by transaction, and get the difference in average elapsed time in every 5 groups:

severity = fatal 
    | link 'Transaction ID' 
    | stats avg('Elapsed Time (System)') as 'Average Elapsed Time' 
    | delta step = 5 'Average Elapsed Time'

The following command groups all fatal logs by transaction, and gets the difference between the current start time and the previous end time.

severity = fatal 
    | link 'Transaction ID' 
    | delta field = 'End Time' 'Start Time'

Oracle Cloud Infrastructure Documentation