Solved: Help writing a condition for taking out average

splunkuseradmin · ‎06-25-2019

Hi all,
I need help in taking out “avg(“Participant”)” that is using calldevice1.   I need to write a condition here.
Explanation: In the below table, for every conference, we have multiple “participant” using some device.  So we have a field name “calldevice1 duration” which is (0 or > 0)(in minutes) so need to write a statement or condition to take out an “avg(“Participant”)” by taking “voip duration” > 0 as 1 and “calldevice1 duration” = 0 as 0.

Thanks.

jnudell_2 · ‎06-25-2019

Hi @splunkuseradmin ,
You can try the following search:



... [ your base search ] ...

| eventstats avg(eval(if('VoIP Duration' > 0, 1, 0))) as "Average" by ConferenceID

I'm not sure that's what you're trying to get, but that gives you the number you've specified in your question.

View solution in original post

jnudell_2 · ‎06-25-2019

Hi @splunkuseradmin ,
You can try the following search:



... [ your base search ] ...

| eventstats avg(eval(if('VoIP Duration' > 0, 1, 0))) as "Average" by ConferenceID

I'm not sure that's what you're trying to get, but that gives you the number you've specified in your question.

Help writing a condition for taking out average

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation