Solved: Re: Average Count doesn't show?

dbcase · ‎09-02-2016

Hi,

I have this query

earliest=-4d index=wls OR index=main "ServletRequestImpl.java:2768" OR "rest path:/rest spec-version:2.5]] Servlet failed with Exception"|stats count avg(count) by host

And the results look like this

The count shows but no average count.... what am I missing?

somesoni2 · ‎09-02-2016

Give this a try.

earliest=-4d index=wls OR index=main "ServletRequestImpl.java:2768" OR "rest path:/rest spec-version:2.5]] Servlet failed with Exception"| bucket span=1d _time |stats count  by _time host | stats sum(count) as count avg(count) as avg by host

Replace avg with trend line for other requirement.

View solution in original post

somesoni2 · ‎09-02-2016

Give this a try.

earliest=-4d index=wls OR index=main "ServletRequestImpl.java:2768" OR "rest path:/rest spec-version:2.5]] Servlet failed with Exception"| bucket span=1d _time |stats count  by _time host | stats sum(count) as count avg(count) as avg by host

Replace avg with trend line for other requirement.

dbcase · ‎09-02-2016

Thanks somesoni2!!! Worked great!!!

somesoni2 · ‎09-02-2016

You can't use avg(count) as the field count is not available before stats. What you want to show in avg count?

dbcase · ‎09-02-2016

the average by day for each host

dbcase · ‎09-02-2016

I'm guessing the same applies for Trendline?

earliest=-45d index=wls OR index=main "ServletRequestImpl.java:2768" OR "rest path:/rest spec-version:2.5]] Servlet failed with Exception"|timechart  span=1d count by host| trendline sma2(count) as Trend

On this query I get the same count by host but no trendline

Average Count doesn't show?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms