Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to calculate Weighted Average
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tac24
New Member
07-28-2016
11:40 PM
After the base search such as:
......
| stats sum(r1) as t_r1 sum(r2) as t_r2 sum(duras) as total_dura c(member) as samples by group
| eval ratio1 = t_r1/total_dura
| eval ratio2 = t_r2/total_dura
| table group ratio1 ratio2 samples
I got the table like below:
group ratio1 ratio2 samples
---------------------------------------------------------------
A 0.8 0.2 100
B 0.3 0.7 50
C 0.5 0.5 300
Then, I can calculate simple average over group by: | stats avg(ratio1) avg(ratio2) .
Could someone help me how to calculate weighted average by using samples?
i.e., the weight for A is 100/(100+50+300), B is 50/(100+50+300),...
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
07-29-2016
12:47 AM
You can use eventstats to achieve this
|eventstats sum(samples) as total | eval weighted_avg=samples/total
You can use by clause in eventstats to group the records
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tac24
New Member
07-29-2016
02:28 AM
Thank you very much, it worked!
Excuse me, my question is rather ambiguous. I would like to add something for beginners like me...
To get weighted-average finally, after eventstats, the following commands can be added.
| eval w_avg_of_ratio1_per_group = ratio1*samples/total
| stats sum(w_avg_of_ratio1_per_group) as w_avg_of_ratio1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
07-29-2016
12:47 AM
You can use eventstats to achieve this
|eventstats sum(samples) as total | eval weighted_avg=samples/total
You can use by clause in eventstats to group the records
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
Get Updates on the Splunk Community!
Tech Talk Recap | Mastering Threat Hunting
Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...
Observability for AI Applications: Troubleshooting Latency
If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...
