After doing transaction, removing unique row and finally applying
| stats list(score) as score, list(Id) as Id by Type
gave me the following result. Can someone tell me a way to plot this as timechart span=1m avg(Score) by Type? This command doesn't plot any data.
Type  Score
A     123
      786
      45
B     34
      95
Try this
If you want avg of all values of score for a Type, including duplicates (two entries with same score and Type)
your base search ..before your stats | timechart span=1m avg(score) by Type
OR
If you want avg of only unique values of score for a Type, excluding duplicates
your base search ..before your stats | bucket span=1m _time | stats count by score, Type, _time | timechart span=1m avg(score) by Type
Hi MuS,
Sorry, that didn't work.
You must make sure to have a _time field available after the stats or the timechart will fail, do as I said or do as @somesoni2 said 😉
Hi MayankSplunk,
after the stats you don't have _time available for timechart, so do something like this:
| stats list(score) as score, list(Id) as Id by Type, _time | timechart ....
cheers, MuS
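An added example, not part of the thread or any poster's own search: a self-contained search that builds constructed events with makeresults (the 20-second spacing, the score values and the Id strings are made up) and keeps _time in the by clause of stats, as the answers above describe, so that the timechart at the end has a time axis to work with. The mvexpand step is an assumption added here to turn the list() output back into one row per score before averaging.

```spl
| makeresults count=12
| streamstats count as n
| eval _time = _time - (n * 20)
| eval Type = if(n % 2 == 0, "A", "B")
| eval score = n * 10, Id = "id-" . tostring(n)
| bin span=1m _time
| stats list(score) as score, list(Id) as Id by Type, _time
| mvexpand score
| timechart span=1m avg(score) by Type
```

Removing `, _time` from the stats line reproduces the situation in the question: the stats output has no _time field and the timechart plots nothing.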