Hi Gurus. I am trying to find events greater than the average of the last 10. I also want to display my results in a table. It doesn't work.
Here is my search string.
index="mydata" |streamstats avg(totalms) as myavg current=f window=10|search totalms>myavg |table totalms myavg
In this case, you may get better results using the where command which uses eval expressions to filter results.
index="mydata"
| streamstats avg(totalms) as myavg current=f window=10
| where totalms>myavg
| table totalms myavg
That worked perfectly!
Thanks so much. My wife thanks you too. I get to go home now 🙂
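
A self-contained way to see the accepted search at work, added here as an example that is not part of the original thread: `search` treats the right-hand side of a comparison as a literal value, while `where` evaluates it as a field, which is why only the second form compares `totalms` with `myavg`. The data is constructed with `makeresults`; the counter `n`, the spike at `n == 12` and the `above_avg` field are names and values assumed for illustration.

```spl
| makeresults count=15
| streamstats count as n
| eval totalms = if(n == 12, 900, 100 + (n % 3))
| streamstats avg(totalms) as myavg current=f window=10
| eval above_avg = case(isnull(myavg), "no baseline yet", totalms > myavg, "yes", true(), "no")
| table n totalms myavg above_avg
```

Replacing the last `eval` with `| where totalms > myavg` keeps only the rows marked "yes". The first event has no preceding events, so `myavg` is null there and `where` drops it.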