https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281747#M85028 <PRE><CODE>If you were able to extract field bandwidth 1 and 3600 then extract or split another field called type Gbps and Mbps and use If condition type = Gbps then bandwidth/1000 else bandwidth and then use timechart for average. </CODE></PRE> Wed, 08 Feb 2017 07:07:18 GMT mpreddy 2017-02-08T07:07:18Z https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281743#M85024 <P>My raw data:</P> <PRE><CODE>Feb 7 18:18:23 impact 1 Gbps/137.54 Kpps, importance 2... Feb 7 18:18:23 impact 3600 Mbps/137.54 Kpps, importance 2... </CODE></PRE> <P>I want use timechart search command calculate avg(1Gbps &amp; 3600Mbps) by week or month. Now i use rex to extract field 1G and 3600Mbps values but the field name is same. i wish to change 3600Mbps to Gbps then run <CODE>timechart avg(field)</CODE>. What should i do? Thanks. </P> Wed, 08 Feb 2017 00:52:44 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281743#M85024 chengyu 2017-02-08T00:52:44Z https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281744#M85025 <P>Can you share your current search that you've so far?</P> Wed, 08 Feb 2017 01:05:29 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281744#M85025 somesoni2 2017-02-08T01:05:29Z https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281745#M85026 <P>try like this:</P> <PRE><CODE>base query |rex "impact\s(?&lt;bandwidth&gt;.*)/(?&lt;mbps&gt;.\d+.\d+)" |timechart span=1mon avg(mbps) as avg by bandwidth </CODE></PRE> Wed, 08 Feb 2017 01:43:03 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281745#M85026 mpreddy 2017-02-08T01:43:03Z https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281746#M85027 <P>Hi Sir, data is 1 Gbps/137.54 Kpps or 3600 Mbps/137.54 Kpps, i want calculate 1Gbps &amp; 3600 Mbps avg value, not Kpps value. So i can use rex extract field capture 1 and 3600 value and call field name "bandwidth", but 3600 need transfer to gigabyte, finally use splunk command "timechart sapn=1mon avg(bandwidth)"</P> Wed, 08 Feb 2017 06:00:42 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281746#M85027 chengyu 2017-02-08T06:00:42Z https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281747#M85028 <PRE><CODE>If you were able to extract field bandwidth 1 and 3600 then extract or split another field called type Gbps and Mbps and use If condition type = Gbps then bandwidth/1000 else bandwidth and then use timechart for average. </CODE></PRE> Wed, 08 Feb 2017 07:07:18 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281747#M85028 mpreddy 2017-02-08T07:07:18Z https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281748#M85029 <P>myserarch ... |table bandwidth,_time | rex field=bandwidth "^(?P\d+.\d+)\s(?P\w+)$" | eval Unit=case(Unit="Gbps",1024,true(),1) | eval InGbps=(Value*Unit)/1024 |eval InGbps=round(InGbps,2) | timechart span=1d max(InGbps) as MaxGbps avg(InGbps) as AvgGbps</P> <P>extract fields : <BR /> 1.04 Gbps<BR /> 384.05 Mbps<BR /> 5.01 Gbps<BR /> ...</P> Tue, 14 Feb 2017 03:47:29 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-timechart-command-to-calculate-the-average-of-a-field/m-p/281748#M85029 chengyu 2017-02-14T03:47:29Z