Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Average with filter

Lucie99
Explorer
‎08-10-2020 06:22 AM

Hi everyone,

I don't know how to do the average of the "Moy" for all Debit = 5 and per month with DateJour and after this exactly the same but with Debit =25.

screen.PNG

Has somebody an idea ? 

I tried many instructions but don't work ..

 

Thank you in advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-10-2020 07:07 AM

Hi

Please try:

 

<base search>
| bin span=1mon DateJour
| stats avg(Moy) as avgMoy by DateJour, Depit

 

I'm expecting that DateJour is containing time as epoch? If not then you must convert it first to epoch or use _time (instead of DateJour) which already is in correct format.

r. Ismo 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-10-2020 07:07 AM

Hi

Please try:

 

<base search>
| bin span=1mon DateJour
| stats avg(Moy) as avgMoy by DateJour, Depit

 

I'm expecting that DateJour is containing time as epoch? If not then you must convert it first to epoch or use _time (instead of DateJour) which already is in correct format.

r. Ismo 

0 Karma
Reply
Solved! Jump to solution

Lucie99
Explorer
‎08-11-2020 04:32 AM

Hi thanks for helping me.   This instruction that is very simiral to yours works, but it gives me the average of all debits (5 and 25) ! How can I do separately the average for debit = 5 and the 2nd average for debit = 25 ? 


| stats avg(Moy) as AvgMoy by _time, Debit      (I used this)

 

Thank you

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎08-11-2020 04:51 AM

Hi

I'm not sure if I understood your question, but if you want those avgs one by one with separate queries then this helps.

<base query> Debit=5
| bin span=1mon _time
| stats avg(Moy) as AvgMoy by _time, Debit

 

And then the second query with debit=25. And if you couldn't add that on the index=.... then you can catch those lines with

| where debit = 5

later on, but before that stats on your query.

If you are meaning something else then please explain that little bite more.

r. Ismo 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...