Solved: Re: How can i do Subtraction cycle?

chengyu · ‎03-06-2016

Hi, I have calculate avg values, but i want do subtraction cycle like

values=1,2,5,7,10;sum=25;avg=5

show:

5-1=4
5-2=3
5-5=0
5-7=-2
5-10=-5

How can i do? Thanks.

fdi01 · ‎03-07-2016

...| eventstats avg (values) as avg | eval your_field_name = avg - values | ...

View solution in original post

chengyu · ‎03-07-2016

My splunk search command:
sourcetype=stream:http | streamstats avg(bytes_in) as avg by src_ip | eval minus = avg - bytes_in | table minus,avg,bytes_in,src_ip

chimell · ‎03-07-2016

Hi

Try this search code

......|stats avg(values) as avg1 , sum(values) as sum1|fillnull value=avg1  avg1|eval subtraction_field=avg1-values |eval avg1."-"values."=".subtraction_field

fdi01 · ‎03-07-2016

...| eventstats avg (values) as avg | eval your_field_name = avg - values | ...

How can i do Subtraction cycle?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation