Solved: How to get average of all the summed values?

rakeshyv0807 · ‎03-07-2018

Hi,

I am trying to sum up all the field values grouped by a field value(suppose fieldA) in my initial query and I got a table format grouped by the fieldA and the sum adjacent to each fieldA values. Please refer to the sample below of what my result looks like for the query I run i.e. sourcetype="pfaduit" success NOT SLO NOT OIDC adapterid=* |stats sum(responsetime) as "Total transaction time" by tid

tid:--37c0eKuTSWXpY-UzVEk-jqiAY                           172
tid:--68NI1mHOZKHASRvcX7sAOr5wk                           1937
tid:--7MWVx1vxrdiM_JHAwfutRmhPM                           794
tid:--H5vkWYeGbKoaSGvWOoopV_4ls                           376
tid:--SG6xWW_efHRsWKkfkZBc-W4tk                           767
tid:--ehyUNfx6WAk87KRpUkPtfGznk                           234
tid:--geBC5RN3WRp6FSPG4NRBHNdPc                           642
tid:--ji7I3wuIJMue8OpxPgIuqpRcA                           772
tid:--kaI_bi5DqFevhT3am6D-IA6wA                           518
tid:--lDGH10oApyn_L1dMcaN_fZ1EM                           484

Now, I want to find the average of above values and get a single value as output and display it when I run this report. Can you please help me achieve it?

Thanks in advance.

davpx · ‎03-07-2018

sourcetype="pfaduit" success NOT SLO NOT OIDC adapterid=* |stats sum(responsetime) as "Total transaction time" by tid | stats avg("Total transaction time") as "Average transaction time"

View solution in original post

davpx · ‎03-07-2018

sourcetype="pfaduit" success NOT SLO NOT OIDC adapterid=* |stats sum(responsetime) as "Total transaction time" by tid | stats avg("Total transaction time") as "Average transaction time"

How to get average of all the summed values?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!