Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I add an extra row to calculate the average of the rows above?

BobKimata
Path Finder
‎03-30-2015 05:38 PM

I have connected to my database using Splunk DBConnect and using a simple sql query I have managed to get some data from the table. However I would like to have just one entry displayed that contains the average of the data above. How do I go about that? I am new to splunk.

Tags (2)
Reply

jawaharas
Motivator
‎03-11-2019 06:34 PM

This works for me.

..| timechart span=1d count|appendpipe [stats avg(count) as Average]

Thanks to @echalex

0 Karma
Reply

echalex
Builder
‎08-03-2018 04:15 AM

The correct command for this would be appendpipe.

Say you have something like: ...|stats sum(score) AS totalscore by item. Then you can do this: ...|appendpipe [stats avg(totalscore) AS totalscore |eval item="AVERAGE"]. (You need to use AS in appendpipe in order to put the average in the same column. You can leave item empt, if you want.)

Reply

vganjare
Builder
‎03-30-2015 11:08 PM

Hi,

You can try using search command addcoltotals.

Thanks!!

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...