https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219594#M64527 <P>The sma is available in trendline. Here is documentation on Trendline</P> <P><A href="https://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Trendline">https://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Trendline</A></P> Tue, 09 Aug 2016 14:28:56 GMT somesoni2 2016-08-09T14:28:56Z https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219591#M64524 <P>I want to know the exact difference between sma and avg. Also, can someone pls provide detailed description of trendline?</P> Tue, 09 Aug 2016 11:16:03 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219591#M64524 simona2121 2016-08-09T11:16:03Z https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219592#M64525 <P>The simple moving average (SMA) is the most basic of the moving averages used for stock/futures trading usually. The simple moving average formula is calculated by taking the average closing price of a stock over the last "x" periods. (x@noon+x@1pm+x@2pm)/3</P> <P>Average (AVG) is the sum of all the parts divided by the number of the parts (x+y+z)/3</P> Tue, 09 Aug 2016 14:10:57 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219592#M64525 jkat54 2016-08-09T14:10:57Z https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219593#M64526 <P>index=_internal | timechart count | trendline sma5(count)</P> <P>The number after sma is the number of buckets you want to average over.</P> <P>So sma5(count) averages the last 5 occurrences of count, whereas avg(count) would only be the average number of count in that time bucket.</P> <P>Say you have a field called sales, and these are your events:</P> <P>8/8 - sales=100<BR /> 8/8 - sales=50<BR /> 8/8 - sales=100<BR /> 8/8 - sales=50<BR /> 8/9 - sales=200<BR /> 8/9 - sales=100<BR /> 8/9 - sales=200<BR /> 8/9 - sales=100</P> <P>The avg(sales) on 8/8 is 75, the avg(sales) on 8/9 is 150, the sma2(sales) is 112.5 on 8/9 but it wont even compute for 8/8 because you only have 1 day of trailing data with sales and you wanted sma2. AND this is assuming you put your data in buckets which equal 1 day of time each... if you add timestamps for hours, timechart would then change to different bucket sizes. You can force bucket sizes with the bin or bucket commands.</P> <P><A href="https://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Trendline">https://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Trendline</A><BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Bin">http://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Bin</A><BR /> bucket is alias of bin</P> Tue, 09 Aug 2016 14:23:43 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219593#M64526 jkat54 2016-08-09T14:23:43Z https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219594#M64527 <P>The sma is available in trendline. Here is documentation on Trendline</P> <P><A href="https://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Trendline">https://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Trendline</A></P> Tue, 09 Aug 2016 14:28:56 GMT https://community.splunk.com/t5/Splunk-Search/What-is-the-difference-between-sma-and-avg/m-p/219594#M64527 somesoni2 2016-08-09T14:28:56Z