Dashboards & Visualizations

## How can I structure the search to sum up the values into one single value for plotting?

Explorer

I have some data:

Which is retrieved by the following search:

index="INDEX"
| timechart span=7d AVG(FIELD1) by FIELD2
| streamstats AVG window=75
| table _time AVG*

How can I structure that search to sum up the values into one single value for plotting?

Thanks!

Tags (4)
1 Solution
Explorer

Solved!

index="INDEX"
| timechart span=12h sum(FIELD1) as FIELD1 by
| streamstats window=30 AVG
| table _time AVG*

It's not a very pretty answer (forces it to calculate each individual point by span=12h) but it gets the job done.

Explorer

Solved!

index="INDEX"
| timechart span=12h sum(FIELD1) as FIELD1 by
| streamstats window=30 AVG
| table _time AVG*

It's not a very pretty answer (forces it to calculate each individual point by span=12h) but it gets the job done.

Revered Legend

Give this a try

index="INDEX"
| timechart span=7d AVG(FIELD1) as AVG
| streamstats AVG window=75
| table _time AVG*
Explorer

Edit: This worked, I just had to change the span down to only take into account one data collection time, otherwise it would sum for the week.

Explorer

I think I'm trying to change the way I'm looking at the data. Instead of summing the FIELD2's FIELD1 values by date, I'm modifying the base search and summing the FIELD1 by Date.

This search results in an average across all FIELD2 values, somehow.

Revered Legend

Give this a try

index="INDEX"
| bucket span=7d _time
| stats avg(FIELD1) as AVG by _time FIELD2
| stats avg(AVG) as AVG by _time
Get Updates on the Splunk Community!

#### Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

#### Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

#### Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...