Solved: Calculate the average of count per day

JyotiP · ‎09-04-2019

I am fetching production data like the number of completed for the last 7 days for different procustion customer and I want to find the average order per production customer per day, I have used the following query but it is giving me the blank value in the average column

 Level = "INFO" PartnerToken IN ("ProductionTenant1","ProductionTenant2","ProductionTenant3","ProductionTenant4","ProductionTenant5","ProductionTenant6")
 OperationName="Complete Order" 
 | dedup OperationId 
 | stats avg(count) as count by PartnerToken

Sukisen1981 · ‎09-04-2019

hi @JyotiP
You don't need an avg(count)
| stats count as avg_count by PartnerToken

Basically the count by the partnertken is the average, since the partnertoken's are distinct.
its like sum (2)= avg(2/1)

View solution in original post

Sukisen1981 · ‎09-04-2019

hi @JyotiP
You don't need an avg(count)
| stats count as avg_count by PartnerToken

Basically the count by the partnertken is the average, since the partnertoken's are distinct.
its like sum (2)= avg(2/1)

JyotiP · ‎09-05-2019

@Sukisen1981: But for ProductionTenant5 I am getting count is 40 and this is total order placed by the customer in the last 7 days, according to the math is should be 40/7 which is ~5.7

Sukisen1981 · ‎09-05-2019

the problem with your code is when you do an avg(count) in stats, there is no count field to do an average of.
if you do something like - |stats count as xxx by yyy|stats avg(xxx) by yyyy
you will get results, but when you try to do an avg(count) in the first stat, there is no count field at all as it is not a auto extracted field.
assuming you are running the query for the last 7 days, you can try this
| timechart span=7d avg(count) as avg_count by PartnerToken

Calculate the average of count per day

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!