- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to calculate moving average based on 2 fie...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to calculate moving average based on 2 fields?
Hi Splunkers,
Suppose I have 2 values in my seach:
Date, # of items purchased, UnitPrice
Day1, 4, 0.12
Day2, 10, 0.10
Day3, 25, 0.19
Day4, 100, 0.15
I want to calculate the average item price throughout time. I hope this question makes sense.
Cheers,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
base query
| eval purchase_price = (unit_price * no_of_items)
| stats avg(purchase_price)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[your search ] | eval purchaseprice = (item_no * unit_price) | eval total_items = sum(item_no) | eval totalpurchaseval = sum(purchaseprice) | eval averageitemprice= totalpurchaseval/total_items
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want avg for item price then try below-
|eventstats avg(UnitPrice) as avg|eval avg=round(avg,2)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry but this doesn't solve my problem since the average I want to calculate is derived from # of items purchased AND UnitPrice.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ADRIANODL, So what is the expected output?
like for # of items purchased=4 and UnitPrice=0.12 then how avg is required to be calculated?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi mate,
If for example, I buy 4 apples for 2 dollars each on day one, and 6 apples for 3 dollars each on day two, the average cost of my apples is calculated somehow like that:
Total average is ((4 x$2) + (6 x $3))/(4+6) = 2.6 dollars average per apple.
Now imagine I have X number of days, with different amounts of apples, and different value amounts).
I'm having a hard time translating this equation into splunk commands.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try this run anywhere search-
| makeresults |eval apple=4,price=2|append[| makeresults |eval apple=6,price=3]|eval product=apple*price|eventstats sum(apple) as sumApple, sum(product) as sumproduct|eval avg=sumproduct/sumApple|fields apple price avg
Thanks for the Memories! Splunk University, .conf24, and Community Connections
.conf24 | Day 0
Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...
