How to add a column of averages to a timechart? - Splunk Community

Splunk Search

Similar to how timechart sum() by ip | addtotals which adds a "Totals" Column to a timechart, how can you add an averages column?

I don't think there is a native way to get that. Try this workaround

... timechart sum(..) by ip | eval count=0 | foreach * [eval count=count+1] | addtotals | eval Average=Totals/count

This worked perfect for me

Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Now Available on Microsoft AzureThursday, March 27, 2025 | 11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...