Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to group by and find stats on every X number of events instead of time or bins?

jwf
New Member
‎12-01-2014 01:05 AM

Hello.

I want to get a statistic for values of every X number of non-overlapping events. For example, for events with time and value fields, the average of the values for every 2 fields is

(1-1)
(2-1) --> (1+1)/2=1

(3-2)
(4-3) --> (2+3)/2=2.5
(5-1)
(6-4) --> (1+4)/2=2.5
(7-5)
(8-5) --> (5+5)/2=5
(9-7)

To end up with a chart (time-avg)
(2-->1)
(4-->2.5)
(6-->2.5)
(8-->5)

I looked at bucket (bins, minspan), timechart, streamstats. but couldn't figure it out. Thanks for your help.

0 Karma
Reply

gfuente
Motivator
‎12-01-2014 04:23 AM

Hello Try this:

| bucket _raw span=2

Regards

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...