Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Using Eval and stats together

ianpaquette
New Member
‎02-26-2020 02:38 PM

I am trying to feed the results of (2) subsearches into and eval search.

| eval Average=data/asstes [stats sum(data) | return $data] [stats count(MAC_Address) | retun $assets]

there may bay a better way to do this... I need to sum of data divded by to total number of unique MAC addresses.

Any help is appreciated.

0 Karma
Reply

masonmorales
Influencer
‎02-26-2020 04:48 PM

Can you post some sample data?

0 Karma
Reply

anmolpatel
Builder
‎02-26-2020 05:11 PM

try this instead:

| eventstats sum(data) as sum_of_data dc(MAC_Address) as dc_of_MAC_Address
| eval average = sum_of_data / dc_of_MAC_Address
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...