Does aggregate mean using (sum, average, count etc) or does it mean something else? Please give an example on how to aggregate two types of data.
I'm using Splunk Search and Reporting (search query only)
Hi,
You can check the link below on aggregate functions and how to use those functions in Splunk:
http://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Aggregatefunctions
Thank you! If I have two different sources, is it possible to aggregate those two together and, let's say, find the average for both of them? Or do I have to find the average of each of them separately?
Yes, it is possible to aggregate those two together and find the average for both of them.
Thank you! Do you have an example, please?
"aggregate" depends on what you are trying to find out:
can be used with | stats
or | chart
for example:
http://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/CommonStatsFunctions#Supported_fun...
or with | eval
for example:
http://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/MathematicalFunctions
http://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/StatisticalFunctions
Thank you!
Can you provide sample data and a search string?
The data I have are XML files and lookup tables. I just want an explanation of what aggregating two data types means. Thanks!
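An added example, not part of the original thread, showing one way to average a numeric field across two sources together and per source in a single search. The source names `sample_a.xml` and `sample_lookup.csv`, the field `duration`, and all values are constructed with `makeresults` so the search runs without any indexed data; in a real search the first four lines would be replaced by a base search that returns events from both sources.

```spl
| makeresults count=6
| streamstats count AS n
| eval source=if(n<=3, "sample_a.xml", "sample_lookup.csv")
| eval duration=case(n==1,10, n==2,20, n==3,30, n==4,100, n==5,200, n==6,300)
| eventstats avg(duration) AS avg_all_sources
| stats count AS events, avg(duration) AS avg_per_source, first(avg_all_sources) AS avg_all_sources BY source
```

`eventstats` computes the combined average over every event before `stats ... BY source` splits them, so each result row carries both its own average (20 and 200 for the constructed values) and the average across both sources (110).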