Hi everyone,

I am unable to calculate average of the given values. However, I am getting values corresponding to min() and max(). Just to give you a bit of context, I am trying to extract response time from logs and based on that I want to create a chart (probably bar- chat) presenting min, max and avg response time for successful requests.

Here are few of my queries which I tried:

First approach

index=nonprod source=/some/microservices/alpha-* 
| spath level 
| search level=info 
| search message!="Exception has occurred." 
| regex message="([a-z0-9[\:\/\-.?=%]+)abc/submission] resolved in \[([0-9ms\s\]]+)"
| rex "resolved in \[(?<resptime>.*? )" 
| stats min(resptime) as Mintime max(resptime) as MaxTme avg(resptime) as AvgTime

Response => Mintime : 12237 MaxTme : 28338  AvgTime:  

Then second approach ( I thought may be <resptime> is a string type and hence avg() is unable to calculate average.  So, tried to convert string to number before calculating applying stats

index=nonprod source=/some/microservices/alpha-* 
                | spath level 
                | search level=info 
                | search message!="Exception has occurred." 
                | regex message="([a-z0-9[\:\/\-.?=%]+)abc/submission] resolved in \[([0-9ms\s\]]+)"
                | rex "resolved in \[(?<resptime>.*? )" 
                | eval responseTime = tonumber(resptime)
                | stats min(responseTime) as Mintime max(responseTime) as MaxTme avg(responseTime) as AvgTime

 
This approach didn't work at all. 

FYI - following are the values I am getting from <resptime> when I use  " | table resptime" right after rex statement. 

Also, I have also figured it out that eval also doesn't work I tried printing eval statement as table it showed 12 empty rows. Moreover, I also tried eval with if ()  
"eval responseTime = if(isNum(resptime),"True",tonumber(resptime)) | table responseTime". No luck.

Any help in this regard would be highly appreciated. 

Thanks