Getting Column averages - Splunk Community

Splunk Search

Hi,

I know we have addcoltotals if we want to get total for the specified column. Do we have any function or any way of getting the average of the columns? So the output should be like below.

Thanks for your help.

JVM avg(RT)

xxxxxx506 0.449303
xxxxxx507 0.317825
xxxxxx508 0.414942
xxxxxx509 0.527246
xxxxxx510 0.425269
xxxxxx511 0.423184
xxxxxx512 0.532729
xxxxxx513 0.495364
Average 0.456

Try this

yoursearchhere
| stats avg(RT) as "Avg RT by JVM"by JVM
| eventstats avg(RT) as overallAverage

This doesn't look like the output you describe, but it will work and it is pretty efficient.
To get exactly what you want, you could do the following, although it takes twice as long:

yoursearchhere
| stats avg(RT) by JVM
| append [ search yoursearchhere
    | stats avg(RT) 
    | eval JVM="Average" ]

Let me know if this doesn't work...

Hi,

Thank you 2nd one worked fine. But first one, i had to chage it little bit..i have it like this..

yoursearchhere
| stats avg(RT) as "Avg RT by JVM" by JVM
| eventstats avg(Avg RT by JVM) as overallAverage

is that correct?

I will try and let you know. Thank you so much.

Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...