I get this error:

Error in 'eval' command: The expression is malformed.

@ebs 

I tried this. 

index=_internal 
| eval response_time=date_hour + 0.30303
| stats avg(eval(round(response_time,2))) as avg_response_time

Can you please share your search ? 

Here is an example of what i mean and reason i decided to revisit this topic

| stats avg(eval(round(TX,1))) as avg1 avg(TX) as avg2

output

The issue with doing it this way is you're rounding before you average it. This works if you already have values that need to be rounded and then you average that. I used values(eval(round to  round and aggregate into mv for unique values and it works well. I have not been able to find a way with stat, operation and round because it seems like eval needs to go after stats operation which defeats the purpose of a the average.

I could be missing something so if anyone found a way please post as that would save me an extra line almost every time i write a dashboard.

Not sure what the issue is here.

stats avg will compute the average of the values found in each event and give you an unrounded result. 

stats avg(eval(round(val, 0))) will round the value before giving it to the avg() aggregation. so if you have three events with values 3.3, 3.4 and 4.4, then it will take the average of 3+3+4 (10), which will give you 3.33333333 - again, an unrounded result. 

| makeresults 
| eval value = split("3.3,3.4,4.4", ",")
| mvexpand value
| eventstats avg(eval(round(value, 0))) as avg
| stats avg(value) as v values(avg) as avg
| eval r_v=round(v), r_avg=round(avg)

If you want to get a rounded value from your average, the round after the stats, as in the accepted solution, i.e. 

Can you clarify what you mean by defeating the purpose

---

@mal11 wrote:

eval needs to go after stats operation which defeats the purpose of a the average.