Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get average of all the summed values?

rakeshyv0807
Explorer
‎03-07-2018 12:52 PM

Hi,

I am trying to sum up all the field values grouped by a field value(suppose fieldA) in my initial query and I got a table format grouped by the fieldA and the sum adjacent to each fieldA values. Please refer to the sample below of what my result looks like for the query I run i.e. sourcetype="pfaduit" success NOT SLO NOT OIDC adapterid=* |stats sum(responsetime) as "Total transaction time" by tid

tid:--37c0eKuTSWXpY-UzVEk-jqiAY                           172
tid:--68NI1mHOZKHASRvcX7sAOr5wk                           1937
tid:--7MWVx1vxrdiM_JHAwfutRmhPM                           794
tid:--H5vkWYeGbKoaSGvWOoopV_4ls                           376
tid:--SG6xWW_efHRsWKkfkZBc-W4tk                           767
tid:--ehyUNfx6WAk87KRpUkPtfGznk                           234
tid:--geBC5RN3WRp6FSPG4NRBHNdPc                           642
tid:--ji7I3wuIJMue8OpxPgIuqpRcA                           772
tid:--kaI_bi5DqFevhT3am6D-IA6wA                           518
tid:--lDGH10oApyn_L1dMcaN_fZ1EM                           484

Now, I want to find the average of above values and get a single value as output and display it when I run this report. Can you please help me achieve it?

Thanks in advance.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

davpx
Communicator
‎03-07-2018 01:07 PM 
sourcetype="pfaduit" success NOT SLO NOT OIDC adapterid=* |stats sum(responsetime) as "Total transaction time" by tid | stats avg("Total transaction time") as "Average transaction time"

View solution in original post

Reply
Solved! Jump to solution
Solution

davpx
Communicator
‎03-07-2018 01:07 PM 
sourcetype="pfaduit" success NOT SLO NOT OIDC adapterid=* |stats sum(responsetime) as "Total transaction time" by tid | stats avg("Total transaction time") as "Average transaction time"
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...