Hi, I have calculate avg values, but i want do subtraction cycle like
values=1,2,5,7,10;sum=25;avg=5
show:
5-1=4 5-2=3 5-5=0 5-7=-2 5-10=-5
How can i do? Thanks.
...| eventstats avg (values) as avg | eval your_field_name = avg - values | ...
View solution in original post
My splunk search command: sourcetype=stream:http | streamstats avg(bytes_in) as avg by src_ip | eval minus = avg - bytes_in | table minus,avg,bytes_in,src_ip
Hi
Try this search code
......|stats avg(values) as avg1 , sum(values) as sum1|fillnull value=avg1 avg1|eval subtraction_field=avg1-values |eval avg1."-"values."=".subtraction_field
