Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I add an extra row to calculate the average of the rows above?

BobKimata
Path Finder
‎03-30-2015 05:38 PM

I have connected to my database using Splunk DBConnect and using a simple sql query I have managed to get some data from the table. However I would like to have just one entry displayed that contains the average of the data above. How do I go about that? I am new to splunk.

Tags (2)
Reply

jawaharas
Motivator
‎03-11-2019 06:34 PM

This works for me.

..| timechart span=1d count|appendpipe [stats avg(count) as Average]

Thanks to @echalex

0 Karma
Reply

echalex
Builder
‎08-03-2018 04:15 AM

The correct command for this would be appendpipe.

Say you have something like: ...|stats sum(score) AS totalscore by item. Then you can do this: ...|appendpipe [stats avg(totalscore) AS totalscore |eval item="AVERAGE"]. (You need to use AS in appendpipe in order to put the average in the same column. You can leave item empt, if you want.)

Reply

vganjare
Builder
‎03-30-2015 11:08 PM

Hi,

You can try using search command addcoltotals.

Thanks!!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...