Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to do average for differents persons

Abarny
Path Finder
‎03-06-2017 01:53 AM

Hi,

I have problem with an average, do you know how i can to do an average enter the max JourP and number where I have the ACResponse 200 but it's not for a single person. I need to do that for 8 persons differents on same times and do an average to this average for got just one number.
(Ex: Moyen= AppelID/max(JourP) where AppelId is 3 and JourP is 5)

alt text

I do that but I have a number truncated because i do average for day max and an average global and not personnal:

| table OCId ACResponse date_wday
| stats dc(date_wday) as nbpres, count as AppeID by ACResponse
| table nbpres,AppeID,ACResponse
| eventstats max(nbpres) as maxJourP
|eval MoyenNoDec=AppeID/maxJourP | where ACResponse="200" | table MoyenNoDec | stats avg(MoyenNoDec)

Thanks for your help

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-06-2017 02:12 AM

Hi Abarny,
sorry but I don't understand your need:
do you want a table like the one in your screenshot?
or do you need to format your number?
If you insert a stats command at the end of your search you have only this value,
if you need to add avg(MoyenNoDec) to your search you have to insert it in the previous stats command or insert with the values option in the last stats command the other values you have, in other words, something like this:
stats values(nbpres) AS nbpres values(AppleID) AS AppleID values(ACResponse) AS ACResponse avg(MoyenNoDec)
why in the last stats command there isn't the BY clause?

In addition, in your search you don't need to insert the table commands between stats commands, in this way your search is slower!

Bye.
Giuseppe.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Abarny
Path Finder
‎03-06-2017 02:28 AM

I want to format a number. On screenshot, it's for one person but every Agent don't work 5 days, I do this table and just an average of all code 200 by maxJourP by Agent.
I want do that for différent person according to maxJourP and get average global.

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-06-2017 02:12 AM

Hi Abarny,
sorry but I don't understand your need:
do you want a table like the one in your screenshot?
or do you need to format your number?
If you insert a stats command at the end of your search you have only this value,
if you need to add avg(MoyenNoDec) to your search you have to insert it in the previous stats command or insert with the values option in the last stats command the other values you have, in other words, something like this:
stats values(nbpres) AS nbpres values(AppleID) AS AppleID values(ACResponse) AS ACResponse avg(MoyenNoDec)
why in the last stats command there isn't the BY clause?

In addition, in your search you don't need to insert the table commands between stats commands, in this way your search is slower!

Bye.
Giuseppe.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎03-06-2017 02:49 AM

Hi Abarny,
OK, you can use appendcols or appendpipe commands

| your_search
| stats dc(date_wday) as nbpres, count as AppeID by ACResponse 
| eventstats max(nbpres) as maxJourP
|eval MoyenNoDec=AppeID/maxJourP 
| where ACResponse="200" 
| appendcols [ your_search | stats avg(MoyenNoDec)]

Bye.
Giuseppe

Reply
Solved! Jump to solution

Abarny
Path Finder
‎03-06-2017 02:54 AM

Thanks you !

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...