Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to calculate average of specific fields?

Ashwini008
Builder
‎03-20-2023 11:00 AM

Hi,

I am formatting data as required and getting it in below format. Now I want to calculate average of only highlighted fields in green color i.e. Q1_score PREPAID,Q2_score PREPAID,Q1_score CONSUMER so on

Example Q1_score CONSUMER ,Count by segment value should be 4.50

Ashwini008_0-1679334983161.png

This is last piece of my query

 

 

| addcoltotals COUNT* Q1* Q2* Q3* Total 
| eval Month=coalesce(Month, "Count by Segment")

 

 

 

 Please suggest

Labels (2)
Labels
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ashwini008
Builder
‎03-21-2023 12:37 AM

@somesoni2 @PickleRick  Below code was my fix 

| eval var=1 
| addcoltotals COUNT* Q1* Q2* Q3* var Total 
| foreach Q1_Score* 
    [ eval '<<FIELD>>' = round('<<FIELD>>'/var,2)] 
| foreach Q2_Score* 
    [ eval '<<FIELD>>' = round('<<FIELD>>'/var,2)]

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎03-20-2023 11:57 AM

If the field names are static, you can use eventstats to calculate average of those specific fields like this

Your current search generating those columns
| eventstats avg("Q1_score PREPAID") as "Avg Q1_score PREPAID" ,avg("Q2_score PREPAID") as "Avg Q2_score PREPAID",avg("Q1_score CONSUMER") as "Avg Q1_score CONSUMER"
0 Karma
Reply
Solved! Jump to solution

Ashwini008
Builder
‎03-20-2023 11:21 PM

@somesoni2  This isn't giving me any output,I don't see any additional field being added to the result.

Also, I want to show the average for Q1_score PREPAID & so on in  "count by segment" row i.e. at the bottom row

| eventstats avg("Q1_score PREPAID") as "Avg Q1_score PREPAID" ,avg("Q2_score PREPAID") as "Avg Q2_score PREPAID",avg("Q1_score CONSUMER") as "Avg Q1_score CONSUMER"

 

0 Karma
Reply
Solved! Jump to solution
Solution

Ashwini008
Builder
‎03-21-2023 12:37 AM

@somesoni2 @PickleRick  Below code was my fix 

| eval var=1 
| addcoltotals COUNT* Q1* Q2* Q3* var Total 
| foreach Q1_Score* 
    [ eval '<<FIELD>>' = round('<<FIELD>>'/var,2)] 
| foreach Q2_Score* 
    [ eval '<<FIELD>>' = round('<<FIELD>>'/var,2)]

 

0 Karma
Reply
Solved! Jump to solution

PickleRick
Ultra Champion
‎03-20-2023 11:23 AM

To be fully honest, I don't understand what you want to do. Especially that I don't see any average that should come down to 4.50

But as a general rule, sometimes it's better to do some additional calculations earlier and then aggregate the results in the end instead of - for example - adding totals and then trying to do additional stuff since totals can get in the way.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? &#x1f680; We invite you to join our elite squad ...