Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

Calculate a number from each entry and present the average of all entries

thewho123
Explorer
‎05-19-2016 06:07 PM

I have the entries below from different sessions:

sessionId="001" data="[{message=timing_stats, data=[{beginF=1550652.855, endF=1550719.130001}, {beginF=1565741, endF=1565787}, {beginF=1574747, endF=1574782}]}]" 

sessionId="002" data="[{message=timing_stats, data=[{beginF=1510652.855, endF=1550719.1001}, {beginF=1865741.4500000002, endF=1565787.645}, {beginF=1974747.655, endF=1974782.6050000002}]}]"

What I want to do is to calculate endF-beginF for each object in the data array. In this case I would have 3 from the session 001 and 3 from session 002. Then I would like to show the average of the six numbers in a graph. How would I accomplish this? -Thanks.

0 Karma
Reply
Highlighted

Re: Calculate a number from each entry and present the average of all entries

sundareshr
Legend
‎05-19-2016 07:14 PM

Try this

your base search | rex max_match=0 "beginF=(?<begin>\d+\.?\d*),\sendF=(?<end>\d+\.?\d*)" | eval z=mvzip(begin, end) | mvexpand z | rex field=z "^(?<begin>[^,]+),(?<end>.*)$" | stats count avg(begin) AS begin avg(end) AS end by sessionId
Reply
Highlighted

Re: Calculate a number from each entry and present the average of all entries

thewho123
Explorer
‎05-20-2016 10:52 AM

Hi,
This creates a table with sessionId, count, begin, end columns. I needed the average of endF (minus) beginF from each object and calculate their average.

0 Karma
Reply
Highlighted

Re: Calculate a number from each entry and present the average of all entries

sundareshr
Legend
‎05-20-2016 11:06 AM

This should give you that...

your base search | rex max_match=0 "beginF=(?<begin>\d+\.?\d*),\sendF=(?<end>\d+\.?\d*)" | eval z=mvzip(begin, end) | mvexpand z | rex field=z "^(?<begin>[^,]+),(?<end>.*)$" | eval diff=end-begin | stats count avg(begin) AS begin avg(end) AS end avg(diff) as diff by sessionId
0 Karma
Reply
Highlighted

Re: Calculate a number from each entry and present the average of all entries

thewho123
Explorer
‎05-25-2016 06:22 PM

I am trying to calculate each pair separately. {beginF=1550652.855, endF=1550719.130001} and then get average of each calculated value
These will be timing values so (total beginF - total endF) will not work..

0 Karma
Reply