Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Average with filter

Lucie99
Explorer
‎08-10-2020 06:22 AM

Hi everyone,

I don't know how to do the average of the "Moy" for all Debit = 5 and per month with DateJour and after this exactly the same but with Debit =25.

screen.PNG

Has somebody an idea ? 

I tried many instructions but don't work ..

 

Thank you in advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-10-2020 07:07 AM

Hi

Please try:

 

<base search>
| bin span=1mon DateJour
| stats avg(Moy) as avgMoy by DateJour, Depit

 

I'm expecting that DateJour is containing time as epoch? If not then you must convert it first to epoch or use _time (instead of DateJour) which already is in correct format.

r. Ismo 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-10-2020 07:07 AM

Hi

Please try:

 

<base search>
| bin span=1mon DateJour
| stats avg(Moy) as avgMoy by DateJour, Depit

 

I'm expecting that DateJour is containing time as epoch? If not then you must convert it first to epoch or use _time (instead of DateJour) which already is in correct format.

r. Ismo 

0 Karma
Reply
Solved! Jump to solution

Lucie99
Explorer
‎08-11-2020 04:32 AM

Hi thanks for helping me.   This instruction that is very simiral to yours works, but it gives me the average of all debits (5 and 25) ! How can I do separately the average for debit = 5 and the 2nd average for debit = 25 ? 


| stats avg(Moy) as AvgMoy by _time, Debit      (I used this)

 

Thank you

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎08-11-2020 04:51 AM

Hi

I'm not sure if I understood your question, but if you want those avgs one by one with separate queries then this helps.

<base query> Debit=5
| bin span=1mon _time
| stats avg(Moy) as AvgMoy by _time, Debit

 

And then the second query with debit=25. And if you couldn't add that on the index=.... then you can catch those lines with

| where debit = 5

later on, but before that stats on your query.

If you are meaning something else then please explain that little bite more.

r. Ismo 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...