Splunk Search

How to edit my search to get a weighted average based on total event count?

vernak2539
New Member

New to splunk, so if any more info needs to be provided, please let me know.

I'm trying to get a weighted average, but I cannot seem to get the total number of events.

The search I'm running is below

... | STATS count, median(request_time) by request

The count is equal to the count of the "requests". I would like it to be equal to the count of the total events so I can use it later in the search. I've tried almost everything I can think of and most things about weighted averages on this forum. Any help would be much appreciated.

0 Karma
1 Solution

cmerriman
Super Champion
...|eventstats count as total | stats max(total) as totalEvents count, median(request_time) by request

that would bring back the total events and then the count of events by request. is that what you're looking for?

View solution in original post

0 Karma

cmerriman
Super Champion
...|eventstats count as total | stats max(total) as totalEvents count, median(request_time) by request

that would bring back the total events and then the count of events by request. is that what you're looking for?

0 Karma

vernak2539
New Member

you are a lifesaver!

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...