I want to get the average per day per item...
e.g. Getting the total count per item is easy:
stats count(Order) as TotalOrders by ProductCategory
But I can't get the hang of adding time based searches into the mix!
i.e. Average number of Orders per day per ProductCategory?
To get:
ProductCategory TotalOrders AverageOrdersPerDay
Fruit 120 14
Veg 12 1
Try this
yoursearchstuff...
| bucket _time span=1d
| stats count(Order) as dailyOrders by ProductCategory _time
| stats sum(dailyOrders) as TotalOrders avg(dailyOrders) as AverageOrdersPerDay by ProductCategory
Try this
yoursearchstuff...
| bucket _time span=1d
| stats count(Order) as dailyOrders by ProductCategory _time
| stats sum(dailyOrders) as TotalOrders avg(dailyOrders) as AverageOrdersPerDay by ProductCategory
Works a treat, but how can I specify the number of decimal places for the result?
Thanks.
Found it, added the following to the end:
| eval AverageOrdersPerDay=round(AverageOrdersPerDay, 2)