Solved: Re: Average sessions per hour

alaking · ‎10-02-2015

I am trying to calculate the average number of sessions per hour based on "off hours" 5pm to 9 am. I have the time range and events, I just need to do the math.
This returns an empty result set:
Search here | stats count(sessionid) as total2 | stats avg(total2) by date_hour

This returns a time chart but it's averaging the values of sessionid (which is a numeric field):
Search here | timechart span=24h per_hour(sessionid) as AvgPerHour

and finally, this returns the count per hour as expected but I'm at a loss as to how to average based on this count:
search here | stats count(sessionid) by date_hour

Thanks in advance for reading.

woodcock · ‎10-03-2015

You need to chain 2 stats commands like this:

search here | bucket _time span=1h | stats dc(sessionid) AS sessionIds by _time | stats avg(sessionids)

Run this with a timepicker value that spans many hours.

View solution in original post

woodcock · ‎10-03-2015

You need to chain 2 stats commands like this:

search here | bucket _time span=1h | stats dc(sessionid) AS sessionIds by _time | stats avg(sessionids)

Run this with a timepicker value that spans many hours.

alaking · ‎10-03-2015

This works! Thank you for the speedy reply, I'm still trying to grasp the complexity of the search language.

Average sessions per hour

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud