try this!
index=aap_prod sourcetype="ECS:PROD:CATALINA" (ECSSearchType=autocomplete OR ECSSearchType=search)| timechart span=d count(ECSSearchType) as count|stats avg(count)
try this!
index=aap_prod sourcetype="ECS:PROD:CATALINA" (ECSSearchType=autocomplete OR ECSSearchType=search)| timechart span=d count(ECSSearchType) as count|stats avg(count)
Thanks for the reply.
So heres the thing. The total count for last 24 hours is 307 and the average for last 24 hours is 153
How is it calculating the average.
should it not be the " total/number of day" ?
This is because the past 24 hours is over two days.
| timechart span=d count(ECSSearchType) as count
_time,count
10/2,1
10/3,2
10/4,3
10/5,4
10/6,5
10/7,6
10/8,7
|stats avg(count)
(1+2+3+4+5+6+7)/7day
This is because the past 24 hours is over two days.
timechart span=d count(ECSSearchType) as count |
---|
10/02 100
10/03 101
10/04 102
10/05 103
10/06 104
10/07 105
10/08 106
|stats avg(count)
(100+101+102+103+104+105+106)/7(day)
However, there are cases such as the following.
10/02 100
10/03 101
10/06 104
10/07 105
10/08 106
|stats avg(count)
(100+101+104+105+106)/5(day)