Displaying calculated value in timechart

jimjohn · ‎03-11-2014

My search sting is like:

My purpose is to generate a timechart with avg in y axis.
I am unable to display the avg in timechart. I am getting blank in average when using the above.Can you help me.

martin_mueller · ‎03-11-2014

The table call at the end is weird. Let's convert this to a simple, run-anywhere example:

index=_internal | timechart bins=20 sum(bytes) as Visit count(user) as User | eval avg = Visit/User | fields - Visit User

This works for me, fills the column avg and removes the other two columns.

jimjohn · ‎03-12-2014

foreach solved my problem.

jimjohn · ‎03-11-2014

Thanks ,Let me try for each.

martin_mueller · ‎03-11-2014

Ah, I missed that. In that case you don't have fields called avg and User but rather (I guess) some_employer: avg and some_employer: User. If that's the case, foreach is your friend - exact syntax depends on what fieldnames you have after the timechart.

jimjohn · ‎03-11-2014

The solution woks fine if we doesn't use by EMPLOYERCODE.
I need the result of sum and visits grouped by EMPLOYERCODE.

Displaying calculated value in timechart

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor