Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Average of the total count

krusovice
Path Finder
‎03-11-2018 11:01 PM

Hello all,

How can I get the average of the output as below?

Calculation is 40 + 20 + 50 / 3 = 36.6

REQUEST          ID          DURATION          AVERAGE
AAA              1122        40 seconds        36.6 seconds
BBB              3344        20 seconds
CCC              5566        50 seconds

Thanks.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

493669
Super Champion
‎03-11-2018 11:17 PM

Hi @krusovice,
try this:

...|rex field="DURATION" "(?<DURATION>\d+)"
|eventstats avg(DURATION) as average
|eval average=round(average,1)." seconds"

Try this run anywhere search:

|makeresults|eval REQUEST="AAA", DURATION="40 seconds"
|append[|makeresults|eval REQUEST="BBB", DURATION="20 seconds"]
|append[|makeresults|eval REQUEST="CCC", DURATION="50 seconds"]
|rex field="DURATION" "(?<DURATION>\d+)"
|eventstats avg(DURATION) as average
|eval average=round(average,1)." seconds"

View solution in original post

0 Karma
Reply
Solved! Jump to solution

deepashri_123
Motivator
‎03-11-2018 11:19 PM

Hey krusovoice,

You can try this run anywhere query:

| makeresults | eval Request="AAA BBB CCC" | makemv Request| mvexpand Request | appendcols [| makeresults | eval ID="1122 3344 5566" | makemv ID| mvexpand ID ] |  appendcols [| makeresults | eval Duration="40seconds 50seconds 20seconds" | makemv Duration| mvexpand Duration ] |rex field=Duration "(?P<Dur>\d+)"| eventstats avg(Dur) AS avgDur

OR you can add this to your query:
|rex field=Duration "(?P\d+)"| eventstats avg(Dur) AS avgDur

Let me know if this helps!!

0 Karma
Reply
Solved! Jump to solution

krusovice
Path Finder
‎03-11-2018 11:58 PM

Hi deepashri_123,

eventstats just make the trick! Thank you as always.

0 Karma
Reply
Solved! Jump to solution

deepashri_123
Motivator
‎03-15-2018 01:49 AM

@krusovice,
Please Upvote the answer if that helped!!
Thanks!!

0 Karma
Reply
Solved! Jump to solution
Solution

493669
Super Champion
‎03-11-2018 11:17 PM

Hi @krusovice,
try this:

...|rex field="DURATION" "(?<DURATION>\d+)"
|eventstats avg(DURATION) as average
|eval average=round(average,1)." seconds"

Try this run anywhere search:

|makeresults|eval REQUEST="AAA", DURATION="40 seconds"
|append[|makeresults|eval REQUEST="BBB", DURATION="20 seconds"]
|append[|makeresults|eval REQUEST="CCC", DURATION="50 seconds"]
|rex field="DURATION" "(?<DURATION>\d+)"
|eventstats avg(DURATION) as average
|eval average=round(average,1)." seconds"
0 Karma
Reply
Solved! Jump to solution

krusovice
Path Finder
‎03-11-2018 11:53 PM

Thank you @493669 for the great helps! It's work well in my dashboard.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...