Splunk Search

Finding Average of Time Column


How do we find the average of a table column filled with time values?

0 Karma

Ultra Champion


index=_internal sourcetype=splunkd*
| timechart span=1h count by sourcetype
| untable _time sourcetype count
| eventstats avg(count) as average by sourcetype

Try untable and eventstats after timechart.

0 Karma