Splunk Search

Help writing a condition for taking out average

splunkuseradmin
Path Finder

Hi all,
I need help in taking out “avg(“Participant”)” that is using calldevice1. 
 I need to write a condition here.
Explanation: In the below table, for every conference, we have multiple “participant” using some device. 
So we have a field name “calldevice1 duration” which is (0 or > 0)(in minutes) so need to write a statement or condition to take out an “avg(“Participant”)” by taking “voip duration” > 0 as 1 and “calldevice1 duration” = 0 as 0.

Thanks.

0 Karma
1 Solution

jnudell_2
Builder

Hi @splunkuseradmin ,
You can try the following search:


... [ your base search ] ...
| eventstats avg(eval(if('VoIP Duration' > 0, 1, 0))) as "Average" by ConferenceID

I'm not sure that's what you're trying to get, but that gives you the number you've specified in your question.

View solution in original post

0 Karma

jnudell_2
Builder

Hi @splunkuseradmin ,
You can try the following search:


... [ your base search ] ...
| eventstats avg(eval(if('VoIP Duration' > 0, 1, 0))) as "Average" by ConferenceID

I'm not sure that's what you're trying to get, but that gives you the number you've specified in your question.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...