Getting Column averages - Splunk Community

Splunk Search

Hi,

I know we have addcoltotals if we want to get total for the specified column. Do we have any function or any way of getting the average of the columns? So the output should be like below.

Thanks for your help.

JVM avg(RT)

xxxxxx506 0.449303
xxxxxx507 0.317825
xxxxxx508 0.414942
xxxxxx509 0.527246
xxxxxx510 0.425269
xxxxxx511 0.423184
xxxxxx512 0.532729
xxxxxx513 0.495364
Average 0.456

Try this

yoursearchhere
| stats avg(RT) as "Avg RT by JVM"by JVM
| eventstats avg(RT) as overallAverage

This doesn't look like the output you describe, but it will work and it is pretty efficient.
To get exactly what you want, you could do the following, although it takes twice as long:

yoursearchhere
| stats avg(RT) by JVM
| append [ search yoursearchhere
    | stats avg(RT) 
    | eval JVM="Average" ]

Let me know if this doesn't work...

Hi,

Thank you 2nd one worked fine. But first one, i had to chage it little bit..i have it like this..

yoursearchhere
| stats avg(RT) as "Avg RT by JVM" by JVM
| eventstats avg(Avg RT by JVM) as overallAverage

is that correct?

I will try and let you know. Thank you so much.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...