Solved: Re: Average of unknown number of fields

helge · ‎01-11-2013

I have an unknown number of fields with similar names, e.g. field1, field2, field3, etc.

I need the average of all values from all fields. I tried to use a wildcard:

avg(field*)

But that gives me the averages of each field individually:

avg(field1) avg(field2) avg(field3) ...

This does not work either (no results):

avg(avg(field*))

Is there a way to get the average of all fields in a single value?

lguinn2 · ‎01-11-2013

Try this:

yoursearchhere
| stats sum(field*)  count(field*)
| addtotals fieldname=Sum sum*
| addtotals fieldname=Count count*
| eval Average = Sum / Count

I am not sure if it will work. I wasn't able to try it. But I think that the addtotals command will help.

lguinn2 · ‎01-11-2013

Try this:

yoursearchhere
| stats sum(field*)  count(field*)
| addtotals fieldname=Sum sum*
| addtotals fieldname=Count count*
| eval Average = Sum / Count

I am not sure if it will work. I wasn't able to try it. But I think that the addtotals command will help.

helge · ‎01-11-2013

Awesome, thanks!

Average of unknown number of fields