Greetings, Splunk user but newbie still.  I am building some searches to show AWS cloudwatch data averages per account. An example would be "Average CPUUtilization in account X during the past 30 days" I'm currently getting data per EC2 instance with the following search: index="aws" sourcetype="aws:cloudwatch" metric_dimensions="InstanceId=*" metric_name = CPUUtilization | table account_id metric_dimensions metric_name period Average But of course, this shows only average per instance; I want to roll that data up to the account level and get the average for all instances within an account.  I suspect "stats" is what I need to use, but a nudge in the right direction would greatly help.     ... View more