Hi, Masa. My mean is using divide under addcoltotal in the same line , Or other command i can use it to arrive my destition

时间 门户 UU总数 登录总次数 平均次数
1 12/03/05 mt 251375 586442 2.33
2 12/03/05 wap 7120 802 0.11
3 12/03/05 www 14202 41542 2.93
4 90899 628786 1.79

The lase line Viz the forth line 90899 is average 628786 is sum and 1.79 is average

My saved search :

index=summary_user_login_exreport PORTAL=* USERFLAG=* SEX=* AGE=* PROVINCE=* CITY=* SERVICENAME=* CUSTOMMADE=* PLATFORM=* APN=* LOGINSUM=|mm_DEVICENAME_nomoralized | rename OUTPUTDEVICENAME as DEVICENAME|search DEVICENAME=|eval time=strftime(_time, "%y/%m/%d") |stats sum(UU) as uu,sum(LOGINSUM) as total by time PORTAL|eval per=round(total/uu,2)|append [search index=summary_user_login_exreport PORTAL=* USERFLAG=* SEX=* AGE=* PROVINCE=* CITY=* SERVICENAME=* CUSTOMMADE=* PLATFORM=* APN=* LOGINSUM=|mm_DEVICENAME_nomoralized | rename OUTPUTDEVICENAME as DEVICENAME|search DEVICENAME=|eval time=strftime(_time, "%y/%m/%d") |stats sum(UU) as uu,sum(LOGINSUM) as total by time PORTAL|eval per=total/uu|eventstats count|eval uu=uu/count |eval per=per/count |stats sum(uu) as uu sum(total) as total sum(per) as per]|eval per=round(per,2)|eval uu=round(uu)|rename PORTAL as 门户,uu as UU总数,total as 登录总次数,per as 平均次数 time as 时间

I wonder if you are looking for addcoltotals;

( http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Addcoltotals )

or eventstats;

( http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Eventstats )

Please try it and see if you can get what you are looking for.

Could you give a little more detail? Example of events and table results you are looking for?