Solved: Average of count per second

vinraisf · ‎02-28-2014

I am trying to get average per second while using this query

Source= (logRecordType="V" OR logRecordType="U") earliest=2/25/2014:22:00:00 latest=2/25/2014:22:02:00 | stats count by logRecordType

I would like to get the average per second using this formula

(latest-earliest)= 2 minute = 120 seconds

Then if my Count for logRecordType="V" is 240 then it should be 2 = 240/120
And if my count for logRecordType="U" is 360 then it should be 3 = 360/120

somesoni2 · ‎02-28-2014

try this

source=abc (logRecordType="V" OR logRecordType="U") earliest=2/25/2014:22:00:00 latest=2/25/2014:22:02:00 | addinfo | eval totalSecs=info_max_time - info_min_time | stats count by logRecordType, totalSecs | eval Avg=round(count/totalSecs,2) | table logRecordType, Avg

View solution in original post

kristian_kolb · ‎03-01-2014

Welcome to the forum vinraisf. If an answer to your question solves your problem, please mark the question as answered by ticking the check mark next to the correct answer. (like I did for you here)

You can also vote answers up or down if they were particularly helpful.

Happy Splunking,

K

vinraisf · ‎02-28-2014

That worked like a charm, thank you so much someson12! I really appreciate it.

somesoni2 · ‎02-28-2014

try this

source=abc (logRecordType="V" OR logRecordType="U") earliest=2/25/2014:22:00:00 latest=2/25/2014:22:02:00 | addinfo | eval totalSecs=info_max_time - info_min_time | stats count by logRecordType, totalSecs | eval Avg=round(count/totalSecs,2) | table logRecordType, Avg

Average of count per second

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms