Hi,
I have data something like this:
Events in Splunk search are as follows:
04:30 [timestamp] [text] type = a count = 10
[timestamp] [text] type = a count = 30
04:31 [timestamp] [text] type = a count = 30
[timestamp] [text] type = a count = 20
When I run the following query:
"index = test source=".log" "type = a" count
| stats avg(count)
I get (10 + 30)/2 = 20
But I need to get (10+30+30+20) /4 = 45 (irrespective of events)
Can anyone help me with this?
Thanks