Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Average Field Value per Second

matthewcanty
Communicator
‎05-01-2012 07:58 AM

Hi there, I have a problem and think I know the cause. Looking for the work around. I am sending periodic logs to Splunk which contains count information and want to timechart the Fixtures per second. For example:

FeedSource="A" Sport="Football" Fixtures=20

The message is sent every 10 seconds so the fix/ps should be 2. But how can I get this to work across any time frame I am looking at?

So if I am looking at 1 day and each point represents an hour, the count must be divided by 3600. Whereas if I am looking at 1 minute and each point on the graph represents 1 second, the count must be divided by 1.

avg(X) cannot be used because some log messages will contain Fixtures=0 which will bring the average per second down.

Thanks in advance for any help!

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎05-01-2012 08:10 AM

Use per_second:

... | stats per_second(Fixtures)

http://docs.splunk.com/Documentation/Splunk/4.3.2/SearchReference/CommonStatsFunctions

Reply
Solved! Jump to solution

dennywebb
Path Finder
‎04-19-2013 07:20 PM

This only works on timechart... not stats.

Reply
Solved! Jump to solution

matthewcanty
Communicator
‎05-01-2012 08:13 AM

Holy moly... feel bad!

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...