https://community.splunk.com/t5/Splunk-Search/Help-Regarding-search-query/m-p/601659#M209393 <P>Hi,</P> <P>I have following splunk query.<BR /><BR />| dbxquery connection="FFconed_feTenant" query="select count(file_name) as file_count, DATE_FORMAT(created_at,\"%m/%d/%y %W\") as date from ida_files_inventory<BR />where created_at &gt; Date_sub(Curdate(), INTERVAL 7 Day) and created_at &lt; Curdate() group by DATE_FORMAT(created_at,\"%m/%d/%y %W\")"</P> <P>It gives me the per-day count of files received in last 7 days along with the date. The result is as follows.</P> <P>date&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; file_count<BR />06/07/22 Tuesday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 79<BR />06/08/22 Wednesday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;46<BR />06/09/22 Thursday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 57<BR />06/10/22 Friday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5<BR />06/11/22 Saturday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5<BR />06/12/22 Sunday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 227<BR />06/13/22 Monday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 187</P> <P>I want to calculate the running averages of file_counts for all these days.&nbsp;</P> <P>For e.g.<BR />for 1st day, running average is 79/1 = 79<BR />for 2nd day, running average is 79+46/2 = 62.5<BR />for 3rd day, running average is 79+46+57/3 = 60.67<BR />and so on.</P> <P>For this I want to write a query. Please help me with this.&nbsp;&nbsp;</P> Tue, 14 Jun 2022 16:25:58 GMT devdattajogleka 2022-06-14T16:25:58Z https://community.splunk.com/t5/Splunk-Search/Help-Regarding-search-query/m-p/601659#M209393 <P>Hi,</P> <P>I have following splunk query.<BR /><BR />| dbxquery connection="FFconed_feTenant" query="select count(file_name) as file_count, DATE_FORMAT(created_at,\"%m/%d/%y %W\") as date from ida_files_inventory<BR />where created_at &gt; Date_sub(Curdate(), INTERVAL 7 Day) and created_at &lt; Curdate() group by DATE_FORMAT(created_at,\"%m/%d/%y %W\")"</P> <P>It gives me the per-day count of files received in last 7 days along with the date. The result is as follows.</P> <P>date&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; file_count<BR />06/07/22 Tuesday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 79<BR />06/08/22 Wednesday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;46<BR />06/09/22 Thursday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 57<BR />06/10/22 Friday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5<BR />06/11/22 Saturday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5<BR />06/12/22 Sunday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 227<BR />06/13/22 Monday&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 187</P> <P>I want to calculate the running averages of file_counts for all these days.&nbsp;</P> <P>For e.g.<BR />for 1st day, running average is 79/1 = 79<BR />for 2nd day, running average is 79+46/2 = 62.5<BR />for 3rd day, running average is 79+46+57/3 = 60.67<BR />and so on.</P> <P>For this I want to write a query. Please help me with this.&nbsp;&nbsp;</P> Tue, 14 Jun 2022 16:25:58 GMT https://community.splunk.com/t5/Splunk-Search/Help-Regarding-search-query/m-p/601659#M209393 devdattajogleka 2022-06-14T16:25:58Z https://community.splunk.com/t5/Splunk-Search/Help-Regarding-search-query/m-p/601662#M209394 <LI-CODE lang="markup">| streamstats count sum(file_count) as total | eval average=round(total/count,1)</LI-CODE> Tue, 14 Jun 2022 06:57:53 GMT https://community.splunk.com/t5/Splunk-Search/Help-Regarding-search-query/m-p/601662#M209394 ITWhisperer 2022-06-14T06:57:53Z https://community.splunk.com/t5/Splunk-Search/Help-Regarding-search-query/m-p/601679#M209405 <P>Hi . this query should be worked for you :<BR />| streamstats count,sum(file_count) as total_sum | eval avg=total_sum/count</P> Tue, 14 Jun 2022 08:30:41 GMT https://community.splunk.com/t5/Splunk-Search/Help-Regarding-search-query/m-p/601679#M209405 marysan 2022-06-14T08:30:41Z