Splunk Search

How to edit my search to find the average and max duration per event?

New Member

I have these results from search result |table event_name duration

event_name    duration
task1                 2
task2                 3
task3                 8
task1                 3
task2                 6
task4                 5

I want to average and max duration of each event

something like this

event_name avgDuration maxDuration
task1          2.5          3
task2          4.5          6
task3          8            8
task3          5            5
0 Karma

Splunk Employee
Splunk Employee

@skhprabu - Did the answer provided by richgalloway help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma


It would help to see your full search, but this may help you.

your search | stats avg(duration) as avgDuration max(duration) as maxDuration by event_name | table event_name avgDuration maxDuration
If this reply helps you, an upvote would be appreciated.
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!