Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to work out average

PaulaCom
Path Finder
‎07-12-2023 04:32 AM

Hi all 

i have a search running with the following results

date_year                   count 

2022                             44,814

 

how do i get the average count over the year? 

I've tried to eval date_year by 12 but this doesnt look right. 

Also have | timechart avg(date_year) and this is not working out 

any ideas?

PaulaCom_0-1689161537556.png

 

 

 

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 05:06 AM

Hi @PaulaCom,

if you want the average for month, you could calculate:

index=mmuh_helpdesk sourcetype=mmuh_helpdesk_json
| stats count BY date_month
| stats avg(count) AS avg

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-12-2023 05:00 AM

What do you mean by average count over the year?

Is this average daily count over the year, or average weekly count, or average monthly count?

Whatever your time frame, you should calculate the counts for each month (for example) then take the average of these counts.

0 Karma
Reply
Solved! Jump to solution

PaulaCom
Path Finder
‎07-12-2023 05:07 AM

thank you 

i'm using data from 2022

the total number of calls to our helpdesk was 45k (ish)

and need to show the average calls we receive every month 

so if i work that out in my head thats 45 / 12 = 3750 average number of calls per month

i'd like to work this out in Splunk 

thank you 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 04:57 AM

Hi @PaulaCom,

if you have only one value it isn't possible to calculate the average.

Could you share your search?

Ciao.

Giuseppe

Reply
Solved! Jump to solution

PaulaCom
Path Finder
‎07-12-2023 05:03 AM

thank you 

my search is pretty basic 

index=mmuh_helpdesk sourcetype=mmuh_helpdesk_json
| dedup id
| fillnull value=NULL 

I've set the range to 'previous year'

there is also a field called date_month which shows the number of tickets raised over each month like this:

PaulaCom_0-1689163390697.png

thanks 

 

P:) 

 

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 05:06 AM

Hi @PaulaCom,

if you want the average for month, you could calculate:

index=mmuh_helpdesk sourcetype=mmuh_helpdesk_json
| stats count BY date_month
| stats avg(count) AS avg

Ciao.

Giuseppe

Reply
Solved! Jump to solution

PaulaCom
Path Finder
‎07-12-2023 05:13 AM

starbar! 

thank you 🙂 

 

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 05:14 AM

Hi @PaulaCom ,

good for you, see next time!

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

Reply
Solved! Jump to solution

PaulaCom
Path Finder
‎07-12-2023 05:20 AM

thank you 

I got a long number in my response 3759.4166666666665

so used the floor command to round it up !

 

thanks again for your guidance - 

 

P

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-12-2023 05:27 AM

The floor function rounds down not up; the ceil function will round up; the round function will round to the nearest number (with a specified level of precision).

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...