Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

display running average with autoregress?

dang
Path Finder
‎03-10-2011 09:22 PM

I am attempting to calculate a running average with autoregress for a count of errors across a group of servers. I'm using the following query to get the data in 5-minute slices

index="monitoring" ServerErrors  | timechart span=5m sum(ServerErrors)

How would I get a running average of the last four hours of the values generated here? Do I want to use something like 

| autogregress p1-48

My experience here is very limited, so I'm certain there is much I don't know about what's going on here.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎03-10-2011 10:05 PM

I'd go this route:

index="monitoring" ServerErrors 
       | timechart span=5m sum(ServerErrors) as Error5MinSum 
       | streamstats avg(Error5MinSum) window=48

http://www.splunk.com/base/Documentation/latest/SearchReference/Streamstats

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎03-10-2011 10:05 PM

I'd go this route:

index="monitoring" ServerErrors 
       | timechart span=5m sum(ServerErrors) as Error5MinSum 
       | streamstats avg(Error5MinSum) window=48

http://www.splunk.com/base/Documentation/latest/SearchReference/Streamstats

0 Karma
Reply
Solved! Jump to solution

dang
Path Finder
‎03-10-2011 11:49 PM

Thanks. This provided the kind of information I wanted.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...