Solved: How do I filter based on average over time

huan_an · ‎03-19-2022

query 
| bin _time span=30m 
| chart avg(throughput) by _time server

Hi, I want only the avg(throughput) by _time server values that exceed a certain number to be shown. I tried multiple different ways and came up with broken queries/queries that return empty results like the following:

# broken query
| where avg(throughput) by _time server > 80

# no results found
| search avg(throughput) by _time server > 80

# broken query
| rename avg(throughput) by _time server as avgthroughput
| where avgthroughput > 80

Would appreciate suggestions! Thank you.

P.S. Splunk beginner

ITWhisperer · ‎03-19-2022

Does something like this work for you?

query 
| bin _time span=30m 
| stats avg(throughput) as avgthroughput by _time server
| where avgthroughput > 80
| xyseries _time server avgthroughput

View solution in original post

ITWhisperer · ‎03-19-2022

Does something like this work for you?

query 
| bin _time span=30m 
| stats avg(throughput) as avgthroughput by _time server
| where avgthroughput > 80
| xyseries _time server avgthroughput

How do I filter based on average over time

chart

stats

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation