https://community.splunk.com/t5/Splunk-Search/Calculate-time-avg-time-and-std-deviation-between-log-entries/m-p/101130#M182818 <P>Use streamstats</P> <PRE><CODE> sourcetype=myweblog | streamstats window=1 global=f current=f last(Timestamp) as next_ts by Src_IP,URL | eval tm_to_next=next_ts-Timestamp | stats avg(tm_to_next) stdev(tm_to_next) by Src_IP,URL </CODE></PRE> Wed, 08 Dec 2010 15:07:54 GMT gkanapathy 2010-12-08T15:07:54Z https://community.splunk.com/t5/Splunk-Search/Calculate-time-avg-time-and-std-deviation-between-log-entries/m-p/101129#M182817 <P>I am trying to average calculate the time between web log entries. If an IP on the network visits the same URL multiple times in a given time period we want to calculate the average time between visits. I cant really do a transaction (at least I dont think so) because the events are the same..no begin or end.</P> <P>I have a search that groups the IP's that visit a URL more than once and also grabs the log entries for each time the URL is visited.</P> <P>The fields in the output are:</P> <P>Timestamp, Src_IP, URL, Count</P> <P>Now for the fun part. Once average time is calculated we want to calculate standard deviation.</P> <P>Any help would be greatly appreciated!</P> Wed, 08 Dec 2010 11:32:38 GMT https://community.splunk.com/t5/Splunk-Search/Calculate-time-avg-time-and-std-deviation-between-log-entries/m-p/101129#M182817 tradecraft1914 2010-12-08T11:32:38Z https://community.splunk.com/t5/Splunk-Search/Calculate-time-avg-time-and-std-deviation-between-log-entries/m-p/101130#M182818 <P>Use streamstats</P> <PRE><CODE> sourcetype=myweblog | streamstats window=1 global=f current=f last(Timestamp) as next_ts by Src_IP,URL | eval tm_to_next=next_ts-Timestamp | stats avg(tm_to_next) stdev(tm_to_next) by Src_IP,URL </CODE></PRE> Wed, 08 Dec 2010 15:07:54 GMT https://community.splunk.com/t5/Splunk-Search/Calculate-time-avg-time-and-std-deviation-between-log-entries/m-p/101130#M182818 gkanapathy 2010-12-08T15:07:54Z