Change hour interval to days and replace the value...

sndpgiri · ‎10-01-2021

I have a column that has events recorded in an interval of 1 hour.

Example:

Date Value

2010-1-1 1:00 20

2010-1-1 2:00 22

2010-1-1 3:00 21

2010-1-1 4:00 19

2010-1-1 5:00 16

............................... ........

2010-1-1 24:00 12

I want to group this as one row i.e display in the following format

Date Value

2010-1-1 Calculate average of 24 values

I want to achieve this in splunk

ITWhisperer · ‎10-01-2021

| bin date span=1d
| stats avg(Value) as average by date

Note that date needs to be an epoch datetime so you may need to strptime first if you don't already have it in this format

sndpgiri · ‎10-01-2021

No Luck! It will display all the 24 time interval instead of showing 1 event for those 24 rows.

ITWhisperer · ‎10-01-2021

It sounds like date is not an epoch datetime - try replacing bin with strptime

| eval date=strptime(date,"%Y-%m-%d")

Change hour interval to days and replace the value with average