Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Using Eval and stats together

ianpaquette
New Member
‎02-26-2020 02:38 PM

I am trying to feed the results of (2) subsearches into and eval search.

| eval Average=data/asstes [stats sum(data) | return $data] [stats count(MAC_Address) | retun $assets]

there may bay a better way to do this... I need to sum of data divded by to total number of unique MAC addresses.

Any help is appreciated.

0 Karma
Reply

masonmorales
Influencer
‎02-26-2020 04:48 PM

Can you post some sample data?

0 Karma
Reply

anmolpatel
Builder
‎02-26-2020 05:11 PM

try this instead:

| eventstats sum(data) as sum_of_data dc(MAC_Address) as dc_of_MAC_Address
| eval average = sum_of_data / dc_of_MAC_Address
0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...