Average of Ack _time for each day over week

mangeshtonde · ‎12-12-2020

I have created a dashboard with the help of join which extract data in below format. Incoming event is mapped with outgoing event and time difference is displayed(AcK_time)

IncEvntIDTime IncoingEventID OutEvntIDTime OutgngEvntID Ack_time
13 Dec 2020 14:55:52 X12356565 13 Dec 2020 14:55:54 X12356565 2
13 Dec 2020 14:55:53 X12356567 13 Dec 2020 14:55:54 X12356567 2

Problem statement: I want average of Ack _time for each day over week in below format.

Date Avg of Ack_time

Monday 2

Tuesday 3

Wednesday 3

and so on.....

Thanks in advance!!

@woodcock

woodcock · ‎12-12-2020

Like this:

|makeresults
| eval _raw="IncEvntIDTime,IncoingEventID,OutEvntIDTime,OutgngEvntID,Ack_time
13 Dec 2020 14:55:52,X12356565,13 Dec 2020 14:55:54,X12356565,2
13 Dec 2020 14:55:53,X12356567,13 Dec 2020 14:55:54,X12356567,2"
| multikv forceheader=1
| fields - _raw linecount
| eval _time = strptime(IncEvntIDTime, "%d %b %Y %H:%M:%S")

| eval date_weekday = strftime(_time, "%A")
| stats avg(Ack_time) BY date_weekday

mangeshtonde · ‎12-14-2020

@woodcock - Thank you for your reply, but it didn't work.

Average of Ack _time for each day over week

timechart

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Are you a member of the Splunk Community?

Average of Ack _time for each day over week

timechart

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0