https://community.splunk.com/t5/Splunk-Search/simple-moving-average-with-two-variables/m-p/344898#M163150 <P>As you're looking for a simple moving average with a window, instead of the <CODE>trendline</CODE> command, what about using the <A href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/streamstats">streamstats</A> command ? </P> <P>You can set the window / time window appropriately, and just have average(close) by symbol </P> Sat, 03 Feb 2018 21:47:16 GMT acharlieh 2018-02-03T21:47:16Z https://community.splunk.com/t5/Splunk-Search/simple-moving-average-with-two-variables/m-p/344896#M163148 <P>hi , <BR /> i had the following data which is collected daily price of 50 itesms i.e. TIMESTAMP, CLOSE and SYMBOL <BR /> ( eg. 31-jan-2018, PRD1, 320<BR /> 01-Feb-2018, PRD1, 330<BR /> 31-jan-2018, PRD2, 1500<BR /> 01-Feb-2018, PRD1, 1520</P> <P>). </P> <P>i need to find all the product whose closing price is lets say greater than 10 day moving average, 30 day moving average etc. ) </P> <P>this query i am writing </P> <P>input data <BR /> | fields SYMBOL, TIMESTAMP,CLOSE <BR /> | eval Date =strptime(TIMESTAMP, "%d-%b-%Y") <BR /> | fieldformat Date=strftime(Date, "%d-%b-%Y") <BR /> | sort Date<BR /> | trendline sma10(CLOSE) as DMA10<BR /> | trendline sma30(CLOSE) as DMA30<BR /> | table Date, SYMBOL, CLOSE, DMA10, DMA30 <BR /> | sort -Date </P> <P>however this query works well if i write for any one product but calculation fails when data is for both product and sma moving average is also incorrectly calculated</P> <P>Please suggest the approach </P> Fri, 02 Feb 2018 19:55:54 GMT https://community.splunk.com/t5/Splunk-Search/simple-moving-average-with-two-variables/m-p/344896#M163148 himpor 2018-02-02T19:55:54Z https://community.splunk.com/t5/Splunk-Search/simple-moving-average-with-two-variables/m-p/344897#M163149 <P>SYMBOL is your product, right?<BR /> Instead of | table Date, SYMBOL, CLOSE, DMA10, DMA30 try <CODE>stats values(Date),values(CLOSE),values(DMA10),values(DMA30) by SYMBOL</CODE></P> Sat, 03 Feb 2018 12:00:58 GMT https://community.splunk.com/t5/Splunk-Search/simple-moving-average-with-two-variables/m-p/344897#M163149 Sukisen1981 2018-02-03T12:00:58Z https://community.splunk.com/t5/Splunk-Search/simple-moving-average-with-two-variables/m-p/344898#M163150 <P>As you're looking for a simple moving average with a window, instead of the <CODE>trendline</CODE> command, what about using the <A href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/streamstats">streamstats</A> command ? </P> <P>You can set the window / time window appropriately, and just have average(close) by symbol </P> Sat, 03 Feb 2018 21:47:16 GMT https://community.splunk.com/t5/Splunk-Search/simple-moving-average-with-two-variables/m-p/344898#M163150 acharlieh 2018-02-03T21:47:16Z