topic Re: How do I extract a string of numbers using Rex to work the AVG out from a string to a number in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510210#M142771 <LI-CODE lang="markup">| makeresults count=20 | eval _raw="sample: ".printf("%02d",random() % 24).":".printf("%02d",random() % 60).":".printf("%02d",random() % 60).".".printf("%07d",random() % 9999999) | rename COMMENT as "this is sample" | rename COMMNET as "rex extracts two fields" | rex "(?&lt;times&gt;\d{2}:\d{2}:\d{2})\.(?&lt;sec&gt;\d{7})" | convert dur2sec(times) | eval sec="0.".sec | eval seconds=times+sec | eventstats avg(seconds)</LI-CODE><P><STRONG>convert&nbsp;</STRONG>is useful.</P> Tue, 21 Jul 2020 11:59:40 GMT to4kawa 2020-07-21T11:59:40Z How do I extract a string of numbers using Rex to work the AVG out from a string to a number https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510197#M142765 <P>How do I extract a string of numbers using Rex to work the AVG out from a string to a number As it is showing as blank. The number format 00:00:00.0000000.</P><P>&nbsp;</P><P>thanks Joe</P> Tue, 21 Jul 2020 10:00:11 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510197#M142765 joe06031990 2020-07-21T10:00:11Z Re: How do I extract a string of numbers using Rex to work the AVG out from a string to a number https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510210#M142771 <LI-CODE lang="markup">| makeresults count=20 | eval _raw="sample: ".printf("%02d",random() % 24).":".printf("%02d",random() % 60).":".printf("%02d",random() % 60).".".printf("%07d",random() % 9999999) | rename COMMENT as "this is sample" | rename COMMNET as "rex extracts two fields" | rex "(?&lt;times&gt;\d{2}:\d{2}:\d{2})\.(?&lt;sec&gt;\d{7})" | convert dur2sec(times) | eval sec="0.".sec | eval seconds=times+sec | eventstats avg(seconds)</LI-CODE><P><STRONG>convert&nbsp;</STRONG>is useful.</P> Tue, 21 Jul 2020 11:59:40 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510210#M142771 to4kawa 2020-07-21T11:59:40Z Re: How do I extract a string of numbers using Rex to work the AVG out from a string to a number https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510211#M142772 <P class="lia-align-justify">Hi</P><P class="lia-align-justify">as we discussed on&nbsp;<A href="https://community.splunk.com/t5/Splunk-Search/Issue-with-the-AVG-however-min-and-max-work-fine/td-p/510077/jump-to/first-unread-message" target="_blank">&nbsp;Issue with the AVG however min and max work fine.&nbsp;</A>&nbsp;this is probably on part of date + time field not pure string? Are you interested only for hour, min, sec, fraction part or full timestamp?</P><P class="lia-align-justify">Here is how you could convert this time to epoch:</P><LI-CODE lang="java">| makeresults | eval foo = "00:00:00.0000000" | eval bar = strptime (foo, "%H:%M:%S.%7Q") | eval foobar = strftime (bar, "%H:%M:%S.%7Q") | table foo bar foobar</LI-CODE> Tue, 21 Jul 2020 12:03:25 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510211#M142772 isoutamo 2020-07-21T12:03:25Z Re: How do I extract a string of numbers using Rex to work the AVG out from a string to a number https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510227#M142780 <P>Hi, I just need to pull the AVG from the string field.</P><P>&nbsp;</P> Tue, 21 Jul 2020 13:02:47 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510227#M142780 joe06031990 2020-07-21T13:02:47Z Re: How do I extract a string of numbers using Rex to work the AVG out from a string to a number https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510231#M142782 <P>You cannot calculate AVG from string field. Avg function is available only for numeric fields.&nbsp;</P><P><A href="https://docs.splunk.com/Documentation/Splunk/8.0.5/SearchReference/Aggregatefunctions" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.0.5/SearchReference/Aggregatefunctions</A></P><P>There are more what and when you could use AVG and other aggregate functions.</P><P>Of course if string field's contains numeric values you could first transform string to numeric and then use AVG e.g. with stats to get the average.</P> Tue, 21 Jul 2020 13:12:26 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510231#M142782 isoutamo 2020-07-21T13:12:26Z Re: How do I extract a string of numbers using Rex to work the AVG out from a string to a number https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510232#M142783 <P>Hi, I did try Convert to Convert the string into Numeric but got the same issue.</P> Tue, 21 Jul 2020 13:16:10 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-extract-a-string-of-numbers-using-Rex-to-work-the-AVG/m-p/510232#M142783 joe06031990 2020-07-21T13:16:10Z