Solved: How do I filter based on average over time

huan_an · ‎03-19-2022

query 
| bin _time span=30m 
| chart avg(throughput) by _time server

Hi, I want only the avg(throughput) by _time server values that exceed a certain number to be shown. I tried multiple different ways and came up with broken queries/queries that return empty results like the following:

# broken query
| where avg(throughput) by _time server > 80

# no results found
| search avg(throughput) by _time server > 80

# broken query
| rename avg(throughput) by _time server as avgthroughput
| where avgthroughput > 80

Would appreciate suggestions! Thank you.

P.S. Splunk beginner

ITWhisperer · ‎03-19-2022

Does something like this work for you?

query 
| bin _time span=30m 
| stats avg(throughput) as avgthroughput by _time server
| where avgthroughput > 80
| xyseries _time server avgthroughput

View solution in original post

ITWhisperer · ‎03-19-2022

Does something like this work for you?

query 
| bin _time span=30m 
| stats avg(throughput) as avgthroughput by _time server
| where avgthroughput > 80
| xyseries _time server avgthroughput

How do I filter based on average over time

chart

stats

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?