Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Average command vs count and average command

ranjitbrhm1
Communicator
‎04-28-2018 11:40 PM

Maybe im just bad in mathematics. but why does splunk docs always take the count of events and then the avg of events (stats count(events) | stats avg(events) instead of stats avg events directly?

can someone please explain the logic to me?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

TISKAR
Builder
‎04-29-2018 01:47 AM

Hello,

The avg function applie to number field avg(event) the event is number, you can apply avg directly to the field that have the number value without use stats count, and when you use | stats count | stats avg the avg look only to the result give by stats count
For example: 

 stats count as a by field | stats avg(a)

can you share the link of docs please

Regards

View solution in original post

Reply
Solved! Jump to solution
Solution

TISKAR
Builder
‎04-29-2018 01:47 AM

Hello,

The avg function applie to number field avg(event) the event is number, you can apply avg directly to the field that have the number value without use stats count, and when you use | stats count | stats avg the avg look only to the result give by stats count
For example: 

 stats count as a by field | stats avg(a)

can you share the link of docs please

Regards

Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-29-2018 12:26 AM

Can you provide a link to an example of that? The way you quoted it here it doesn’t make too much sense to me...

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...