Getting Column averages - Splunk Community

Splunk Search

Hi,

I know we have addcoltotals if we want to get total for the specified column. Do we have any function or any way of getting the average of the columns? So the output should be like below.

Thanks for your help.

JVM avg(RT)

xxxxxx506 0.449303
xxxxxx507 0.317825
xxxxxx508 0.414942
xxxxxx509 0.527246
xxxxxx510 0.425269
xxxxxx511 0.423184
xxxxxx512 0.532729
xxxxxx513 0.495364
Average 0.456

Try this

yoursearchhere
| stats avg(RT) as "Avg RT by JVM"by JVM
| eventstats avg(RT) as overallAverage

This doesn't look like the output you describe, but it will work and it is pretty efficient.
To get exactly what you want, you could do the following, although it takes twice as long:

yoursearchhere
| stats avg(RT) by JVM
| append [ search yoursearchhere
    | stats avg(RT) 
    | eval JVM="Average" ]

Let me know if this doesn't work...

Hi,

Thank you 2nd one worked fine. But first one, i had to chage it little bit..i have it like this..

yoursearchhere
| stats avg(RT) as "Avg RT by JVM" by JVM
| eventstats avg(Avg RT by JVM) as overallAverage

is that correct?

I will try and let you know. Thank you so much.

Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...