Splunk Search

How to edit my search to find the average and max duration per event?

New Member

I have these results from search result |table event_name duration

event_name    duration
task1                 2
task2                 3
task3                 8
task1                 3
task2                 6
task4                 5

I want to average and max duration of each event

something like this

event_name avgDuration maxDuration
task1          2.5          3
task2          4.5          6
task3          8            8
task3          5            5
0 Karma

Splunk Employee
Splunk Employee

@skhprabu - Did the answer provided by richgalloway help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma


It would help to see your full search, but this may help you.

your search | stats avg(duration) as avgDuration max(duration) as maxDuration by event_name | table event_name avgDuration maxDuration
If this reply helps you, an upvote would be appreciated.