Sorry for the answer above, did not fully understood you.
I think its not ideal to search by "object" as each object has more then one counter and each counter has values that match the counter so you can see for example under object="Processor" you have counters that represents percent (value between 0-100) and other that represents Interrupts/sec for example with values in range of 0-100000. that has large impact on the avg.
regardless, you can just split by whichever field you find valuable and splunk will obey:
index=perfmon host=(serverA OR host=serverB) (object="Processor" OR object="Memory" OR object="Network Interface") | stats avg(Value) by object cpu_percent field3 field4 fieldn
here are 2 screenshots, first is based on split by object, second is split by counter
Sorry for the answer above, did not fully understood you.
I think its not ideal to search by "object" as each object has more then one counter and each counter has values that match the counter so you can see for example under object="Processor" you have counters that represents percent (value between 0-100) and other that represents Interrupts/sec for example with values in range of 0-100000. that has large impact on the avg.
regardless, you can just split by whichever field you find valuable and splunk will obey:
index=perfmon host=(serverA OR host=serverB) (object="Processor" OR object="Memory" OR object="Network Interface") | stats avg(Value) by object cpu_percent field3 field4 fieldn
here are 2 screenshots, first is based on split by object, second is split by counter
