Solved: Help writing a condition for taking out average

splunkuseradmin · ‎06-25-2019

Hi all,
I need help in taking out “avg(“Participant”)” that is using calldevice1.   I need to write a condition here.
Explanation: In the below table, for every conference, we have multiple “participant” using some device.  So we have a field name “calldevice1 duration” which is (0 or > 0)(in minutes) so need to write a statement or condition to take out an “avg(“Participant”)” by taking “voip duration” > 0 as 1 and “calldevice1 duration” = 0 as 0.

Thanks.

jnudell_2 · ‎06-25-2019

Hi @splunkuseradmin ,
You can try the following search:



... [ your base search ] ...

| eventstats avg(eval(if('VoIP Duration' > 0, 1, 0))) as "Average" by ConferenceID

I'm not sure that's what you're trying to get, but that gives you the number you've specified in your question.

View solution in original post

jnudell_2 · ‎06-25-2019

Hi @splunkuseradmin ,
You can try the following search:



... [ your base search ] ...

| eventstats avg(eval(if('VoIP Duration' > 0, 1, 0))) as "Average" by ConferenceID

I'm not sure that's what you're trying to get, but that gives you the number you've specified in your question.

Help writing a condition for taking out average

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

Help writing a condition for taking out average

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases