Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Calculate the average of count per day

JyotiP
Path Finder
‎09-04-2019 11:33 PM

I am fetching production data like the number of completed for the last 7 days for different procustion customer and I want to find the average order per production customer per day, I have used the following query but it is giving me the blank value in the average column

 Level = "INFO" PartnerToken IN ("ProductionTenant1","ProductionTenant2","ProductionTenant3","ProductionTenant4","ProductionTenant5","ProductionTenant6")
 OperationName="Complete Order" 
 | dedup OperationId 
 | stats avg(count) as count by PartnerToken
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Sukisen1981
Champion
‎09-04-2019 11:47 PM

hi @JyotiP
You don't need an avg(count)
| stats count as avg_count by PartnerToken

Basically the count by the partnertken is the average, since the partnertoken's are distinct.
its like sum (2)= avg(2/1)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Sukisen1981
Champion
‎09-04-2019 11:47 PM

hi @JyotiP
You don't need an avg(count)
| stats count as avg_count by PartnerToken

Basically the count by the partnertken is the average, since the partnertoken's are distinct.
its like sum (2)= avg(2/1)

0 Karma
Reply
Solved! Jump to solution

JyotiP
Path Finder
‎09-05-2019 12:20 AM

@Sukisen1981: But for ProductionTenant5 I am getting count is 40 and this is total order placed by the customer in the last 7 days, according to the math is should be 40/7 which is ~5.7

0 Karma
Reply
Solved! Jump to solution

Sukisen1981
Champion
‎09-05-2019 12:31 AM

the problem with your code is when you do an avg(count) in stats, there is no count field to do an average of.
if you do something like - |stats count as xxx by yyy|stats avg(xxx) by yyyy
you will get results, but when you try to do an avg(count) in the first stat, there is no count field at all as it is not a auto extracted field.
assuming you are running the query for the last 7 days, you can try this
| timechart span=7d avg(count) as avg_count by PartnerToken

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...