Getting Column averages - Splunk Community

Splunk Search

Hi,

I know we have addcoltotals if we want to get total for the specified column. Do we have any function or any way of getting the average of the columns? So the output should be like below.

Thanks for your help.

JVM avg(RT)

xxxxxx506 0.449303
xxxxxx507 0.317825
xxxxxx508 0.414942
xxxxxx509 0.527246
xxxxxx510 0.425269
xxxxxx511 0.423184
xxxxxx512 0.532729
xxxxxx513 0.495364
Average 0.456

Try this

yoursearchhere
| stats avg(RT) as "Avg RT by JVM"by JVM
| eventstats avg(RT) as overallAverage

This doesn't look like the output you describe, but it will work and it is pretty efficient.
To get exactly what you want, you could do the following, although it takes twice as long:

yoursearchhere
| stats avg(RT) by JVM
| append [ search yoursearchhere
    | stats avg(RT) 
    | eval JVM="Average" ]

Let me know if this doesn't work...

Hi,

Thank you 2nd one worked fine. But first one, i had to chage it little bit..i have it like this..

yoursearchhere
| stats avg(RT) as "Avg RT by JVM" by JVM
| eventstats avg(Avg RT by JVM) as overallAverage

is that correct?

I will try and let you know. Thank you so much.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...