Solved: Why am I not getting the expected output with my c...

chanduira · ‎01-07-2016

Hi Experts,

I want to create a trend of UPS load over time.
I can get a UPS overtime trend by getting the sum of three phase inputs (with average of each phase) (ABC_PH1_UPS1_L1_OUTPWR, ABC_PH1_UPS1_L2_OUTPWR, & ABC_PH1_UPS1_L3_OUTPWR)

While I am doing timechart, I am not getting any output:

index=abc sourcetype=csv ABC_PH1_UPS1_*_OUTPWR | stats avg(Parameter Value) as Value by "Meter Name"| replace ABC_PH1_UPS1_L1_OUTPWR with UPS1, ABC_PH1_UPS1_L2_OUTPWR with UPS1, ABC_PH1_UPS1_L3_OUTPWR with UPS1 in "Meter Name"| timechart sum(Value) as Val by "Meter Name"

fdi01 · ‎01-07-2016

try whith "..." like:
...| stats avg("Parameter Value") as Value by "Meter Name"|...

View solution in original post

chanduira · ‎01-20-2016

I tried with addcols option its working

fdi01 · ‎01-07-2016

try whith "..." like:
...| stats avg("Parameter Value") as Value by "Meter Name"|...

javiergn · ‎01-07-2016

I've got a feeling that you need double quotes when calculating the avg of Parameter Value:

index=abc sourcetype=csv ABC_PH1_UPS1_*_OUTPWR | stats avg('Parameter Value') as Value by "Meter Name"| replace ABC_PH1_UPS1_L1_OUTPWR with UPS1, ABC_PH1_UPS1_L2_OUTPWR with UPS1, ABC_PH1_UPS1_L3_OUTPWR with UPS1 in "Meter Name"| timechart sum(Value) as Val by "Meter Name"

martin_mueller · ‎01-07-2016

Referring to a field name with nonstandard characters needs single quotes in eval, double quotes in stats - double quotes in eval give you a string.

That being said, avg(Parameter Value) is indeed not going to work, double quotes are needed.

javiergn · ‎01-07-2016

True, i'll fix my answer, thanks

Why am I not getting the expected output with my current search?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!