Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to find the remove the decimal places of an 2 averages and display each field as a bar on a bar chart

Weng
New Member
‎06-29-2013 12:10 PM

For the following data,

Date=4 June 2013, Result=Win,Ticks=11,Setup=Range Fade, Risk=10, Target=11
.....and more

I would like to find the average for the Risk and Target fields each and to remove the decimal places. I have written the following query:
source="Trading Stats.txt" | search Risk | search Target | stats avg(Risk) as average_risk avg(Target) as average_target
which can display the average of each of the Risk and Target fields but I am unable to get the round function to work.

In addition, I would also like to show the data on a bar chart with the average value of the Risk field as 1 bar and the average value of the Target field as the second bar on the same chart.

How do I do so?

Thanks

Tags (3)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-29-2013 02:23 PM

Try this for rounding and charting:

source="Trading Stats.txt" Risk=* Target=* | chart avg(Risk) as average_risk avg(Target) as average_target by source | eval average_risk = round(average_risk) | eval average_target = round(average_target)

That should give you one row of results with three columns, which can be displayed in a chart - just click the chart button and select bar chart or whatever you need. Note the by source bit, serving as one of the axes of the chart.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-29-2013 04:37 PM

The second argument is optional, implied zero.

0 Karma
Reply

linu1988
Champion
‎06-29-2013 03:10 PM

round takes 2 arguments eval average_risk = round(average_risk,2) | eval average_target = round(average_target,2)

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...