Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do you find the average count within a time ra...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do you find the average count within a time range?
I have the following search that shows users who are continuously being infected over a 30 day period:
index=foo
| stats count range(_time) as TimeRange by user src app app:category app:subcategory threat url
| where TimeRange>1800
| where NOT zone="null"
| eval TimeRange_In_Hours = round(TimeRange/3600,2), TimeRange_In_Days = round(TimeRange/3600/24,2)
is it possible to show the avg count within the time range being returned per user?
Thx
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What average do you want to calculate?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If possible, the avg hits within the TimeRange_In_Hours
Thx
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So avg number of hits per hour? If count is the total number of hits, just do | eval avg_hits = count / TimeRange_In_Hours. Or am I not understanding your objective?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That was it - I was overthinking the issue when it ended being very simple
Thx!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can we have some sample output, with example/dummy data?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sure thing:
user src app app:category app:subcategory threat url count TimeRange TimeRange_In_Days TimeRange_In_Hours
jdoe x.x.x.x web-browsing general-internet internet-utility Virus/Win32.WGeneric.pppda(195251778) AliMiserUpdate.exe 4 2703 0.03 0.75
msmith x.x.x.x web-browsing general-internet internet-utility Virus/Win32.WGeneric.pppda(195251778) AliMiserUpdate.exe 7 7931 0.09 2.2
rjones x.x.x.x web-browsing general-internet internet-utility Generic User-Agent Traffic(10015) www.cnki.net/elearning/JournalMgr/JConfig.ini 3 23714 0.27 6.59
mhammer x.x.x.x web-browsing general-internet internet-utility Veil-Evasion Payload Detected(39480) openblas_warpper.dll 13 5853 0.07 1.63
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
