Reporting

How to get the average by two variables through a single accelerated report?

sravyav
New Member

Hi,

I need to calculate an average by two fields. Each event has the below values:

time variable1 variable2 countofevents

Example:

2016-04-23 14:30:00 Apple vendor1 3
2016-04-23 14:31:00 Apple vendor2 6
2016-04-23 14:30:00 Mango vendor1 8
2016-04-23 14:30:00 Apple vendor3 7

I need to find:
1) averages of countofevents by variable1
2) averages of countofevents by variable2

Can that be done using single report acceleration?

I tried doing:

index =x | stats avg(countofevents) by _time, variable1, variable2

Then 2 other searches which use report acceleration:

I tried doing:

index =x | stats avg(countofevents) as avg1 by _time, variable1, variable2 | stats avg(avg1) by _time, variable1

and

index =x | stats avg(countofevents) as avg1 by _time, variable1, variable2 | stats avg(avg1) by _time, variable2

The above didn't work because it is trying to do avg on average values again.

Is there any way I can get the required data by using single report acceleration instead of two?

Thanks
sravya

0 Karma
1 Solution

lguinn2
Legend

The following might work,but I don't know if it can be accelerated:

index = x 
| appendpipe [ stats avg(countofevents) as avg1 by variable1 | rename variable1 as "Var1 Heading" ]
| appendpipe [ stats avg(countofevents) as avg2 by variable2 | rename variable2 as "Var2 Heading" ]
| table "Var1 Heading" avg1 "Var2 Heading" avg2

View solution in original post

0 Karma

lguinn2
Legend

The following might work,but I don't know if it can be accelerated:

index = x 
| appendpipe [ stats avg(countofevents) as avg1 by variable1 | rename variable1 as "Var1 Heading" ]
| appendpipe [ stats avg(countofevents) as avg2 by variable2 | rename variable2 as "Var2 Heading" ]
| table "Var1 Heading" avg1 "Var2 Heading" avg2
0 Karma

sravyav
New Member

Thanks lguinn. it can be accelerated..

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...