Splunk Search

Finding Average of Time Column

How do we find the average of a table column filled with time values?

Sample:

index=_internal sourcetype=splunkd*
| timechart span=1h count by sourcetype
| untable _time sourcetype count
| eventstats avg(count) as average by sourcetype

Try untable and eventstats after timechart.

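An added example, not part of the original thread: the same `eventstats ... by` pattern applied to a column of durations, assuming "time values" means HH:MM:SS strings. The field names `host`, `duration`, `seconds` and the sample rows are constructed for illustration.

```spl
| makeresults count=6
| streamstats count as n
``` constructed sample rows: two hosts, three HH:MM:SS durations each ```
| eval host=if(n<=3, "web01", "web02")
| eval duration=case(n=1, "00:05:30", n=2, "00:12:10", n=3, "01:02:00",
                     n=4, "00:00:20", n=5, "00:03:40", n=6, "00:08:00")
``` avg() needs numbers, so convert each duration string to seconds first ```
| convert dur2sec(duration) as seconds
``` keep every row and attach the per-host average, as in the answer above ```
| eventstats avg(seconds) as avg_seconds by host
``` render the numeric average back as HH:MM:SS for display ```
| eval avg_duration=tostring(round(avg_seconds), "duration")
| table host duration seconds avg_seconds avg_duration
```

If the column holds timestamps rather than durations, convert with `strptime` and a matching format string instead of `dur2sec`.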