Re: Calculate avg , min , max for per multivalue f...

yuwtennis · ‎08-26-2013

Hi !

I would like to ask question whether following calculation is possible or not?
For following case,

customer type amount
A a 10
A a 20
A b 10
B a 5
B a 10

I want to calculate fields as

customer type count min max avg
A a 2 10 20 15
b 1 10 10 10
B a 2 5 10 7.5

However, I have tried that

stats values(type) , count, min(amount), max(amount), avg(amount) by customer

does not work...

I would appreciate if someone can help me out with this issue.

Thanks,
Yu

rturk · ‎08-26-2013

Hi Yutennis,

Putting your data into a lookup tennis.csv:

customer,type,amount
A, a, 10
A, a, 20
A, b, 10
B, a, 5
B, a, 10

I used the search:

| inputlookup tennis.csv | stats count, max(amount), min(amount), avg(amount) by customer, type

Which gave me this:

Hope this of some help! 🙂

rturk · ‎08-28-2013

No problems Yu - Please accept Hiroshi's answer so other people can find the solution.

いいえ問題は - 他の人が解決策を見つけることができるように Hiroshi's の答えを受け入れてくださいませ

(Thanks Google translate!)

yuwtennis · ‎08-27-2013

Hello R.Turk.

Thank you for the reply.
I was not aware that you can specify multiple fields in stats!

The result came out the way I wanted .

Thanks
Yu

rturk · ‎08-26-2013

Sorry I didn't see Hiroshi's earlier answer - please accept his answer 🙂

HiroshiSatoh · ‎08-26-2013

The result is useless or in the following?Please let me know if there is something objective.

stats count, min(amount), max(amount), avg(amount) by customer,type
customer type count min max avg
A a 2 10 20 15
A b 1 10 10 10
B a 2 5 10 7.5

HiroshiSatoh · ‎08-27-2013

これはもう解決したと思ってよいか？
Is it may be considered to have resolved this anymore?

サンプルに近いフォーマットならこんな感じになると思う。
I think to be a feeling that if format close to the sample.

･･･ | stats count as count, min(amount) as min, max(amount) as max, avg(amount) as avg by customer,type|stats list(type) as type,list(count) as count,list(min) as min,list(max) as max,list(avg) as avg by customer

yuwtennis · ‎08-27-2013

Hello Hiroshi.

回答ありがとうございます。

以下のような結果を出したいです。

ex1：
customer type amount
A a 10
A a 10
A a 10
A b 10
B b 20
B c 10
C a 10

res1：
customer type avg min max
A a 10 10 10
b 10 10 10
B b 20 20 20
c 10 10 10
C a 10 10 10

以上です。

HiroshiSatoh · ‎08-26-2013

Hi. yuwtennis.I also love tennis.

もう少しバリエーションをふやして結果のイメージを提供してもらえませんか？

Could you provide an image of the result by increasing the variation a little more?

yuwtennis · ‎08-26-2013

customer 別に type の値を計算したいのですが、
どうもうまくいかないみたいで。。。もし、
解決方法をご教示いただけると幸いです。

yuwtennis · ‎08-26-2013

Hello Hiroshi.

My goal is to calculate the stats (max, min , avg) by type per customer.
I believe just simply specifying "by" statement in stats groups by
type regardless of customer.

So if something like ,

stats ( count by type ) by customer

can happen, I can achieve my goal.

Calculate avg , min , max for per multivalue field

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases