I am trying to create a new column with the average of a field name (back_post_duration) . I need to add this column to existing 2 columns.
back_post_duration is the total response time for every request. ex: 11212 ms
1) URL ........xxxxxxxxxxxxx.com.au/checkout/multi/xxxxxxxxxNotificationHandler)
2) count ( total No. of occurrences of URL in specified time)
3) this is new column. (avg of back_post_duration)
Successful back-post to xxxxxxxxxxxxx.com.au/checkout/multi/xxxxxxxxxNotificationHandler in 11212 ms with response 404 Not Found.
right now i am using below , but unable to include the 3rd column
sourcetype=xxxxxxxxxxxxx | rex field=_raw "back-post to (?<TO_URL>\S+)" | stats count by TO_URL
If you have back_post_duration as a field, then try
<your query> | stats count as count,avg(back_post_duration) as Average by TO_URL
View solution in original post
Thanks Ranjith. This worked.