Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

average calculation

zacksoft
Contributor
‎05-18-2018 09:03 AM

sourcetype="MATIZ" host=A OR host=B or host=C
| base search
| timechart span=1d eval(round(avg(response_time),2)) by host

with a search preset for 'last 30 days'

Our system comprises of three hosts. Using the above query gives me average response_time by each host. But I don't want that.
I want the visualization of simple moving average of response time of the entire system as a whole, not by each host.

A Trendline would help.

Need assistance here.
Thank you.

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎05-18-2018 10:27 AM

hello there,

try trendline or streamstats check out the following answers:
https://answers.splunk.com/answers/189759/how-to-calculate-moving-average-and-graph-it-as-an.html
https://answers.splunk.com/answers/554522/what-is-the-best-way-to-get-the-running-average-an.html
https://answers.splunk.com/answers/542213/moving-average-query.html
you can try and remove you by host clause to get the "system as a whole" or use a function that present your idea of "system as a whole"

hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...