Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to calculate moving average based on 2 fields?

ADRIANODL
Explorer
‎09-30-2018 07:49 PM

Hi Splunkers,
Suppose I have 2 values in my seach:

Date, # of items purchased, UnitPrice
Day1, 4, 0.12
Day2, 10, 0.10
Day3, 25, 0.19
Day4, 100, 0.15

I want to calculate the average item price throughout time. I hope this question makes sense.

Cheers,

Tags (1)
0 Karma
Reply

himpor
Engager
‎03-05-2019 03:59 AM

base query
| eval purchase_price = (unit_price * no_of_items)
| stats avg(purchase_price)

0 Karma
Reply

himpor
Engager
‎02-27-2019 09:30 AM

[your search ] | eval purchaseprice = (item_no * unit_price) | eval total_items = sum(item_no) | eval totalpurchaseval = sum(purchaseprice) | eval averageitemprice= totalpurchaseval/total_items

0 Karma
Reply

493669
Super Champion
‎09-30-2018 09:05 PM

If you want avg for item price then try below-

|eventstats avg(UnitPrice) as avg|eval avg=round(avg,2)
0 Karma
Reply

ADRIANODL
Explorer
‎10-01-2018 02:05 AM

Sorry but this doesn't solve my problem since the average I want to calculate is derived from # of items purchased AND UnitPrice.

0 Karma
Reply

493669
Super Champion
‎10-01-2018 02:31 AM

@ADRIANODL, So what is the expected output?
like for # of items purchased=4 and UnitPrice=0.12 then how avg is required to be calculated?

0 Karma
Reply

ADRIANODL
Explorer
‎10-01-2018 05:50 AM

Hi mate,
If for example, I buy 4 apples for 2 dollars each on day one, and 6 apples for 3 dollars each on day two, the average cost of my apples is calculated somehow like that:

Total average is ((4 x$2) + (6 x $3))/(4+6) = 2.6 dollars average per apple.

Now imagine I have X number of days, with different amounts of apples, and different value amounts).

I'm having a hard time translating this equation into splunk commands.

0 Karma
Reply

493669
Super Champion
‎10-01-2018 06:11 AM

try this run anywhere search-

| makeresults |eval  apple=4,price=2|append[| makeresults |eval  apple=6,price=3]|eval product=apple*price|eventstats sum(apple) as sumApple, sum(product) as sumproduct|eval avg=sumproduct/sumApple|fields apple price avg
0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...