Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Average with filter

Lucie99
Explorer
‎08-10-2020 06:22 AM

Hi everyone,

I don't know how to do the average of the "Moy" for all Debit = 5 and per month with DateJour and after this exactly the same but with Debit =25.

screen.PNG

Has somebody an idea ? 

I tried many instructions but don't work ..

 

Thank you in advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-10-2020 07:07 AM

Hi

Please try:

 

<base search>
| bin span=1mon DateJour
| stats avg(Moy) as avgMoy by DateJour, Depit

 

I'm expecting that DateJour is containing time as epoch? If not then you must convert it first to epoch or use _time (instead of DateJour) which already is in correct format.

r. Ismo 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-10-2020 07:07 AM

Hi

Please try:

 

<base search>
| bin span=1mon DateJour
| stats avg(Moy) as avgMoy by DateJour, Depit

 

I'm expecting that DateJour is containing time as epoch? If not then you must convert it first to epoch or use _time (instead of DateJour) which already is in correct format.

r. Ismo 

0 Karma
Reply
Solved! Jump to solution

Lucie99
Explorer
‎08-11-2020 04:32 AM

Hi thanks for helping me.   This instruction that is very simiral to yours works, but it gives me the average of all debits (5 and 25) ! How can I do separately the average for debit = 5 and the 2nd average for debit = 25 ? 


| stats avg(Moy) as AvgMoy by _time, Debit      (I used this)

 

Thank you

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎08-11-2020 04:51 AM

Hi

I'm not sure if I understood your question, but if you want those avgs one by one with separate queries then this helps.

<base query> Debit=5
| bin span=1mon _time
| stats avg(Moy) as AvgMoy by _time, Debit

 

And then the second query with debit=25. And if you couldn't add that on the index=.... then you can catch those lines with

| where debit = 5

later on, but before that stats on your query.

If you are meaning something else then please explain that little bite more.

r. Ismo 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...