Hi,
I have data of transactions in logs.
Using "duration" I can take the total duration of every transaction, and avg(duration) will give me the avg of all the transactions.
Now I need to calculate the average of only the top 50% best transactions on time.
I.e., for example, I have 100 transactions, I sort them according to duration (min to max), and I need the average of the first 50 transactions.
How can I achieve this?
Here's how to do it.
1) calculate the median value for duration, using "eventstats", which puts the value onto every event/transaction.
2) use "where" to filter out events/transactions that are below the median duration.
3) now calculate the average duration for the remaining events/transactions
Putting it all together:
"your transaction search" | eventstats median(duration) as threshold | where duration>= threshold | stats avg(duration)
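An added example, not part of the original answer: a rank-based variant that follows the question's wording literally (sort by duration from min to max, keep the first half by count), so the kept set stays at half the events even when several transactions share the median duration. The field names total, rank and avg_fastest_half are assumptions chosen for this example; "your transaction search" is the same placeholder used above.

```spl
"your transaction search"
| sort 0 duration
| eventstats count as total
| streamstats count as rank
| where rank <= total / 2
| stats avg(duration) as avg_fastest_half
```

The 0 in "sort 0" lifts the default result limit of the sort command so that every transaction is ranked.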