Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to work out average

PaulaCom
Path Finder
‎07-12-2023 04:32 AM

Hi all 

i have a search running with the following results

date_year                   count 

2022                             44,814

 

how do i get the average count over the year? 

I've tried to eval date_year by 12 but this doesnt look right. 

Also have | timechart avg(date_year) and this is not working out 

any ideas?

PaulaCom_0-1689161537556.png

 

 

 

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 05:06 AM

Hi @PaulaCom,

if you want the average for month, you could calculate:

index=mmuh_helpdesk sourcetype=mmuh_helpdesk_json
| stats count BY date_month
| stats avg(count) AS avg

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-12-2023 05:00 AM

What do you mean by average count over the year?

Is this average daily count over the year, or average weekly count, or average monthly count?

Whatever your time frame, you should calculate the counts for each month (for example) then take the average of these counts.

0 Karma
Reply
Solved! Jump to solution

PaulaCom
Path Finder
‎07-12-2023 05:07 AM

thank you 

i'm using data from 2022

the total number of calls to our helpdesk was 45k (ish)

and need to show the average calls we receive every month 

so if i work that out in my head thats 45 / 12 = 3750 average number of calls per month

i'd like to work this out in Splunk 

thank you 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 04:57 AM

Hi @PaulaCom,

if you have only one value it isn't possible to calculate the average.

Could you share your search?

Ciao.

Giuseppe

Reply
Solved! Jump to solution

PaulaCom
Path Finder
‎07-12-2023 05:03 AM

thank you 

my search is pretty basic 

index=mmuh_helpdesk sourcetype=mmuh_helpdesk_json
| dedup id
| fillnull value=NULL 

I've set the range to 'previous year'

there is also a field called date_month which shows the number of tickets raised over each month like this:

PaulaCom_0-1689163390697.png

thanks 

 

P:) 

 

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 05:06 AM

Hi @PaulaCom,

if you want the average for month, you could calculate:

index=mmuh_helpdesk sourcetype=mmuh_helpdesk_json
| stats count BY date_month
| stats avg(count) AS avg

Ciao.

Giuseppe

Reply
Solved! Jump to solution

PaulaCom
Path Finder
‎07-12-2023 05:13 AM

starbar! 

thank you 🙂 

 

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2023 05:14 AM

Hi @PaulaCom ,

good for you, see next time!

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

Reply
Solved! Jump to solution

PaulaCom
Path Finder
‎07-12-2023 05:20 AM

thank you 

I got a long number in my response 3759.4166666666665

so used the floor command to round it up !

 

thanks again for your guidance - 

 

P

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-12-2023 05:27 AM

The floor function rounds down not up; the ceil function will round up; the round function will round to the nearest number (with a specified level of precision).

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...