Dashboards & Visualizations

Multiple moving averages for a time chart

learningsplunk
Path Finder

Hello Splunk community, 

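For this dataset:

| Time | Agent | Number of calls taken |
|---|---|---|
| 11:00 AM | John | 1 |
| 11:00 AM | Kate | 0 |
| 11:00 AM | Eric | 1 |
| 10:00 AM | John | 2 |
| 10:00 AM | Kate | 1 |
| 10:00 AM | Eric | 0 |
| 9:00 AM | John | 0 |
| 9:00 AM | Kate | 1 |
| 9:00 AM | Eric | 1 |
| 8:00 AM | John | 3 |
| 8:00 AM | Kate | 1 |
| 8:00 AM | Eric | 2 |
| 7:00 AM | John | 3 |
| 7:00 AM | Kate | 5 |
| 7:00 AM | Eric | 2 |
| 6:00 AM | John | 2 |
| 6:00 AM | Kate | 3 |
| 6:00 AM | Eric | 0 |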


Is it possible to get a moving average for each agent along with the moving average for the total amount of calls in one specific hour and to place this all into a time chart?

This is the Splunk query I'm currently using:

| union [| search <insert index here> AGENT=* | bin _time span=1h | stats count BY _time | trendline wma2(count) AS AverageNumberoftotalcallsperhour | table _time AverageNumberoftotalcallsperhour ]
[| search <insert index here> Agent=Kate | bin _time span=1h | stats count BY _time | trendline wma2(count) AS AvgKate | table _time AvgKate ]
[| search <insert index here> Agent=John | bin _time span=1h | stats count BY _time | trendline wma2(count) AS AverageNumberOfCallsPerHourbyJohn | table _time AverageNumberOfCallsPerHourbyJohn ]
[| search <insert index here> Agent=Eric | bin _time span=1h | stats count BY _time | trendline wma2(count) AS AvgEric | table _time AvgEric ]



However, when trying to run the Splunk query, the output isn't correct:

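| _time | AverageNumberoftotalcallsperhour | AvgKate | AverageNumberOfCallsPerHourbyJohn | AvgEric |
|---|---|---|---|---|
| 6:00 AM | 2 | | | |
| 7:00 PM | 2 | | | |
| 8:00 AM | | 3 | | |
| 9:00 AM | | 3 | | |
| 10:00 AM | | | 4 | |
| 11:00 AM | | | 4 | |
| Noon | | | | 5 |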
