I was able to get the average CPU time. However, I am getting a result as below.
| Workload | CPU_TIME | AVG_TIME |
| PART A | 3.5 | |
| PART B | 2485.4 | |
| AVG_TIME | | 226.26 |
I want to get the avg time value under the same column as the CPU_TIME.
here is the query that I have
| fields SMF30JBN DATETIME SMF30CPT
| eval Job_Name=SMF30JBN, Date = substr(DATETIME,1,10)
| eval WORKLOAD = substr(Job_Name,1,3)
| eval CP_Time=SMF30CPT
| eval cpu_time=strptime(SMF30CPT,"%H:%M:%S.%2N")
| eval base=strptime("00:00:00.00","%H:%M:%S.%2N")
| eval ctime=cpu_time-base
| eval ctime=round(ctime, 2)
| stats sum(ctime) as CPU_TIME by WORKLOAD
| eval SYST = substr(WORKLOAD,1,1)
| eval TYPE = case(SYST = "F", "PART A PROD",SYST = "M", "PART B PROD")
| appendpipe
[| stats sum(CPU_TIME) as CPU_TIME by TYPE
| eval WORKLOAD="".TYPE." CPU_TIME"]
| fields WORKLOAD CPU_TIME
| append
[search index=cds_ffs_smf030 SMFID=EDCA sourcetype=syncsort:smf030 SMF30STP=5
| fields SMF30JBN DATETIME SMF30CPT
| eval Job_Name=SMF30JBN, Date = substr(DATETIME,1,10)
| eval WORKLOAD = substr(Job_Name,1,3)
| eval CP_Time=SMF30CPT
| eval cpu_time=strptime(SMF30CPT,"%H:%M:%S.%2N")
| eval base=strptime("00:00:00.00","%H:%M:%S.%2N")
| eval ctime=cpu_time-base
| eval ctime=round(ctime, 2)
| stats sum(ctime) as CPU_TIME by WORKLOAD
| stats avg(CPU_TIME) as AVG_TIME
| eval AVG_TIME = round(AVG_TIME, 2)
| eval WORKLOAD="AVG_TIME"]
