Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get an average per day

tefa627
Explorer
‎10-07-2020 10:26 AM

I am trying to get an average for the last (x) days for a that specific day and hour. 

This search lists a count for the current day. I am trying to achieve an average for a specific field for the last 5 Mondays or Tuesdays or Wednesday..etc.  So if today was Monday, the first value, AL-A at 00, would be the average of the past (x) Mondays at 00 for AL-A.

index=net_auth_long
| eval time_hour=strftime(_time,"%H")
| chart count over channel by time_hour limit=30

 

 
 

example.PNG

Labels (1)
Labels
Tags (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-07-2020 11:35 AM

See if this helps.  

index=_internal earliest=-5w@d
| eval today=lower(strftime(now(),"%a"))
| eval dow=lower(strftime(_time, "%a"))
| where today=dow
| timechart span=1w avg(specifiField) by channel
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

tefa627
Explorer
‎11-04-2020 01:38 PM

What goes in specific field? I need it to be count by haven't use a count command.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

Splunk initially announced the removal of Python 2 during the release of Splunk Enterprise 8.0.0, aiming to ...

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

co-authored by Yiyun Zhu & Dan Hosaka Engaging with the Community at .conf24 At .conf24, we revitalized the ...

Detect and Resolve Issues in a Kubernetes Environment

We’ve gone through common problems one can encounter in a Kubernetes environment, their impacts, and the ...