you can use the "windowstats" command to achieve your goal. first download the windowstats app from here: https://splunkbase.splunk.com/app/7329 your query | windowstats field=<field name> window=4 function=avg style=gradual OR your query | windowstats field=<field name> window=4 function=avg style=dynamic the difference between gradual and dynamic is how the window will be on the edges. when t=0 (first element) and window size is 4 ( window=4 means 4 without counting the middle value (total window size will be 5))) gradual will be x(t), x(t+1), x(t+2), x(t+3), x(t+4) dynamic will be: x(t), x(t+1), x(t+2) when t=size (last element) and window size is 4 ( window=4 means 4 without counting the middle value (total window size will be 5))) gradual will be x(t-4), x(t-3), x(t-2), x(t-1), x(t) dynamic will be: x(t-2), x(t-1), x(t) both dynamic and gradual work in the same way in the middle values. Happy Splunking!
... View more