I have multiple values connected to a timestamp at 5 minute intervals and I want to get the average of these multiple values at each interval and graph them as a timechart.
I tried the query
| timechart span=5m avg(stats_value)
Turns out there are about 300 statsvalues associated with each timestamp... I thought it was only a couple. What should I do to make this data meaningful if I can't just average 300 values or each time_stamp?
Okay this makes a lot more sense now... There are about 300 statsvalues associated with each timestamp... I thought it was only a couple. What should I do to make this data meaningful if I can't just average 300 values or each time_stamp?
I forgot to mention that there's like 4000 rows. Sadly those two don't seem to work. 😞
| dbquery "routerdb" "select timestamp, statsvalue from tblteststats" | stats avg(statsvalue) by timestamp
and it said no results.
Statsvalue and timestamp are two different columns. Pls help
What do you get when you do
| dbquery "routerdb" "select time_stamp, stats_value from tbl_test_stats" | table time_stamp, stats_value
Also, can you try converting the stats_value field to number, like this
| dbquery "routerdb" "select time_stamp, stats_value from tbl_test_stats" | convert num(stats_value) as stats_value | stats avg(stats_value) by time_stamp
For the first query I get no results found which makes no sense...
The second query the "| concert num(statsvalue) as statsvalue" works but when "| stats avg(statsvalue) by timestamp" is added it also returns no results.
It would appear the issue is with the dbquery, not the stats. If the first doesn't return any results, the second will not work.
Do you see any errors in the DBConnect app? I assume you are using v1?
Is each event one line or multi line?
If each one is one line then |timechart avg(Values_field)
If it's multi line events then your best bet is to break each line into one event and use the same search.
Statsvalue and timestamp are two different columns. Also there's about 4000 rows... I just don't know how to average each 5 minute increment as one value and graph it. It just says no results found if I do | timechart avg(stats_value).
Ok so your time extraction must be "off". Does the _time field show up for each event? If it does, the time column should appear on the left of each event when you do a normal
Search. AND it should match the DATETIME stamp in the events.
It kinda looks like this:
Graphing the first 1000 entries seems to work but I wanted to average out all the statsvalues that are associated with one timestamp.