Splunk Search

Finding Average of Time Column

michaelsplunk1
Path Finder

How do we find the average of a table column filled with time values?

0 Karma

to4kawa
SplunkTrust

sample:

index=_internal sourcetype=splunkd*
| timechart span=1h count by sourcetype
| untable _time sourcetype count
| eventstats avg(count) as average by sourcetype

Try untable and eventstats after timechart.

0 Karma
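
An added example, not part of the original thread: assuming the column holds durations as HH:MM:SS strings (one reading of the question), convert each value to seconds, average with eventstats as in the answer above, and format the result back with tostring(..., "duration"). The makeresults rows and the field names host, duration, duration_sec and avg_duration are constructed for illustration.

```spl
| makeresults count=4
| streamstats count as row
| eval host=if(row<=2, "web01", "web02")
| eval duration=case(row=1, "00:01:30", row=2, "00:02:30", row=3, "01:00:00", row=4, "00:30:00")
| eval parts=split(duration, ":")
| eval duration_sec=tonumber(mvindex(parts, 0))*3600 + tonumber(mvindex(parts, 1))*60 + tonumber(mvindex(parts, 2))
| eventstats avg(duration_sec) as avg_sec by host
| eval avg_duration=tostring(round(avg_sec), "duration")
| table host duration duration_sec avg_duration
```

Use stats instead of eventstats when only one summary row per host is needed rather than the average repeated on every row.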