Right now we receive and store several data points per second in an index and do reporting on it.
In the future we would like to aggregate this data by calculating the average value of all data points (integer values) per minute and store it in a seperate index,
How do you do this?
Hi,
you could try:
index=source_index | timechart span=1minute avg(your_integer_field) AS your_integer_field | collect index=destination_index
Check out the collect command:
https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/Collect
Greetings Chris