Re: Average of a field

saranyaa21 · ‎10-11-2018

Hi,

I have a log trace like, ...........................wages: 50

I have written a splunk query to skip all the entries before "wages:" and print only the values like 50, 30, whatever.

sourcetype=mysource host=myhost* "myClassName" | rex field=_raw "(?<"ac">(?<=wages:).*?$)" | stats count by ac

Now, I'm not able to find the median/ average of the values in ac.
Eg: (50+50)/2

Can you please help me in obtaining this value.

Thanks

Vijeta · ‎10-11-2018

you can do |stats avg(ac)

saranyaa21 · ‎10-11-2018

No it dint work 😞

saranyaa21 · ‎10-11-2018

It is displaying nothing

Vijeta · ‎10-11-2018

Did you check if you are getting any values in ac, just see what below gives you

sourcetype=mysource host=myhost* "myClassName" | rex field=_raw "(?<"ac">(?<=wages:).*?$)" | table ac

saranyaa21 · ‎10-11-2018

Yes, the query sourcetype=mysource host=myhost* "myClassName" | rex field=_raw "(?<"ac">(?<=wages:).*?$)" | table ac , returns me some values, like, 30, 50, etc.,

but when i give stats avg(ac), it doesn't return any result

sduff_splunk · ‎10-11-2018

sourcetype=mysource host=myhost* "myClassName" | rex field=_raw "(?<"ac">(?<=wages:).*?$)" | stats avg(ac)

Average of a field

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio