Solved: How to get average for some fields but not all?

huan_an · ‎03-23-2022

Hi,

I would like to get the average of multiple fields in the same row but not all, would anyone be able to advise on this?

query
| chart latest(time_taken) by process server

# Results

Process	Local-1	Local-2	Avg(Local)	Remote-1	Remote-2
A	1	2	1.5	2	2
B	1	3	2	3	3

I would like to add an Avg(Local) field which gives me the average time taken by the processes running on Local-1 and Local-2.

Appreciate any suggestions, thanks!

ITWhisperer · ‎03-24-2022

| foreach Local-*
    [| eval count=count+1
    | eval total=total+'<<FIELD>>']
| eval "Avg(Local)"=total/count

View solution in original post

ITWhisperer · ‎03-24-2022

| foreach Local-*
    [| eval count=count+1
    | eval total=total+'<<FIELD>>']
| eval "Avg(Local)"=total/count

huan_an · ‎03-25-2022

Thanks! This made me realise that we can iterate through columns by referencing the column names!

It somehow didn't work at first but after viewing a few more posts, I realised I just had to initialise count and total before the for each loop for the query to work.

How to get average for some fields but not all?

chart

stats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!