
How to get average of all the summed values?


Hi,

I am trying to sum up all the field values grouped by a field value (suppose fieldA) in my initial query, and I got a table format grouped by the fieldA and the sum adjacent to each of the fieldA values. Please refer to the sample below of what my result looks like for the query I run, i.e.

sourcetype="pfaduit" success NOT SLO NOT OIDC adapterid=* | stats sum(responsetime) as "Total transaction time" by tid

tid:--37c0eKuTSWXpY-UzVEk-jqiAY                           172
tid:--68NI1mHOZKHASRvcX7sAOr5wk                           1937
tid:--7MWVx1vxrdiM_JHAwfutRmhPM                           794
tid:--H5vkWYeGbKoaSGvWOoopV_4ls                           376
tid:--SG6xWW_efHRsWKkfkZBc-W4tk                           767
tid:--ehyUNfx6WAk87KRpUkPtfGznk                           234
tid:--geBC5RN3WRp6FSPG4NRBHNdPc                           642
tid:--ji7I3wuIJMue8OpxPgIuqpRcA                           772
tid:--kaI_bi5DqFevhT3am6D-IA6wA                           518
tid:--lDGH10oApyn_L1dMcaN_fZ1EM                           484

Now, I want to find the average of the above values and get a single value as output and display it when I run this report. Can you please help me achieve it?

Thanks in advance.

0 Karma

Re: How to get average of all the summed values?

sourcetype="pfaduit" success NOT SLO NOT OIDC adapterid=* |stats sum(responsetime) as "Total transaction time" by tid | stats avg("Total transaction time") as "Average transaction time"
