Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Average with filter

Lucie99
Explorer
‎08-10-2020 06:22 AM

Hi everyone,

I don't know how to do the average of the "Moy" for all Debit = 5 and per month with DateJour and after this exactly the same but with Debit =25.

screen.PNG

Has somebody an idea ? 

I tried many instructions but don't work ..

 

Thank you in advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-10-2020 07:07 AM

Hi

Please try:

 

<base search>
| bin span=1mon DateJour
| stats avg(Moy) as avgMoy by DateJour, Depit

 

I'm expecting that DateJour is containing time as epoch? If not then you must convert it first to epoch or use _time (instead of DateJour) which already is in correct format.

r. Ismo 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-10-2020 07:07 AM

Hi

Please try:

 

<base search>
| bin span=1mon DateJour
| stats avg(Moy) as avgMoy by DateJour, Depit

 

I'm expecting that DateJour is containing time as epoch? If not then you must convert it first to epoch or use _time (instead of DateJour) which already is in correct format.

r. Ismo 

0 Karma
Reply
Solved! Jump to solution

Lucie99
Explorer
‎08-11-2020 04:32 AM

Hi thanks for helping me.   This instruction that is very simiral to yours works, but it gives me the average of all debits (5 and 25) ! How can I do separately the average for debit = 5 and the 2nd average for debit = 25 ? 


| stats avg(Moy) as AvgMoy by _time, Debit      (I used this)

 

Thank you

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎08-11-2020 04:51 AM

Hi

I'm not sure if I understood your question, but if you want those avgs one by one with separate queries then this helps.

<base query> Debit=5
| bin span=1mon _time
| stats avg(Moy) as AvgMoy by _time, Debit

 

And then the second query with debit=25. And if you couldn't add that on the index=.... then you can catch those lines with

| where debit = 5

later on, but before that stats on your query.

If you are meaning something else then please explain that little bite more.

r. Ismo 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...