All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

calculate avg in specific period

hqw
Path Finder
‎06-25-2015 10:34 PM

Hi all,

I want to calculate average performance of my server in last month, since for different servers, they were reporting different days in a period, and if i use average for total (with 30 days), it may draw down some performance of a server, so now i just use total performance for each server divide the total reporting date for that server. but somehow my search is not working, i can't get anything out. could you pls kindly guild me what is wrong?

Best Regards

my search:

interaction_count earliest=-30d latest=@d | eval date = strftime(_time, "%Y-%m-%d") |stats dc(date) AS "Reporting_date" by mount_name | stats sum(interaction_count) as sum_day_interaction_count by mount_name |eval avg=sum_day_interaction_count/Reporting_date |table mount_name, avg

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎06-25-2015 10:52 PM

What with this?

interaction_count earliest=-30d latest=@d | eval date = strftime(_time, "%Y-%m-%d") |stats dc(date) AS "Reporting_date", sum(interaction_count) as sum_day_interaction_count by mount_name|eval avg=sum_day_interaction_count/Reporting_date |table mount_name, avg

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎06-25-2015 10:52 PM

What with this?

interaction_count earliest=-30d latest=@d | eval date = strftime(_time, "%Y-%m-%d") |stats dc(date) AS "Reporting_date", sum(interaction_count) as sum_day_interaction_count by mount_name|eval avg=sum_day_interaction_count/Reporting_date |table mount_name, avg

0 Karma
Reply
Solved! Jump to solution

hqw
Path Finder
‎06-26-2015 01:15 AM

Hi Hrio,

I had fixed this problem with a join inside. Thanks for your help on this.

Best regards

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...