Re: Can I use an average in maps+ instead of count...

sarauppal · ‎09-13-2018

While using maps+ the clusters it makes show count of events in it. How can i use average of the values for a particular kpi? Like when it shows cluster count can I display average of a KPI like I am able to do on custom cluster maps

AS the picture shows counts like 273, I want average of a percentage displayed here. Is that at all possible. Please help, I need this done quickly.

Currently I am doing the same thing using Custom Cluster Maps

basesearch|eval kpi=A+B |geostats latfield=latitude lonfield=longitude avg(kpi)

This gives me the desired result where geogriphical clusters are made with average of KPI for all the items in the cluster displayed on top.

But map+ has better detailing, so I wanted to use that. Is there a way I can get a similar average there instead of count of items in the cluster?

ygdrassilp · ‎10-15-2019

Hope this could get answer since maps+ has a nice design

mstjohn_splunk · ‎09-13-2018

Hi @sarauppal,

I went ahead and deleted your duplicate post and posted the details from your comment into this post. Good luck with your query!

Can I use an average in maps+ instead of count?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases