Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

two aggregations? latest and average

Brandon_B
Engager
‎10-20-2023 02:50 PM

I'm trying to look at the last result of code coverage for repo and then average that out for the team each month. 
It would be something like this below but nesting a latest within an average doesn't work.

| timechart span=1mon avg(latest(codecoverage.totalperc) by reponame) by team


With this, I foresee an issue where the repos built every month aren't static but dynamic. I was looking at streamstats to see how the events change over time, but still can only get it grouped by reponame or by team and can't get it groupd by both


| timechart span=1mon latest(codecoverage.totalperc) as now by reponame
|untable _time,reponame,now
|sort reponame
|streamstats current=f window=1 last(now) as prev by reponame 
|eval Difference=now-prev
| maketable _time,reponame,Difference

 

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-21-2023 02:10 AM

Try something like this

| sort 0 _time
| bin _time span=1mon
| stats last(codecoverage.totalperc) as coverage by _time reponame team
| timechart span=1mon avg(coverage) as average_coverage by team
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-20-2023 05:21 PM

I think you have the right idea by using streamstats and timechart, but you have them in the wrong order.  Try this untested SPL as an alternative to nesting latest within avg.

| streamstats latest(codecoverage.totalperc) as totalperc by reponame
| timechart span=1mon avg(totalperc) as avgtotalperc by team

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...