×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
UdayAditya
New Member
Member since: ‎12-01-2017
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-01-2017
View All

Re: How to add a new column to existing stats resu...

by in Splunk Search
‎12-01-2017 09:23 AM
‎12-01-2017 09:23 AM
@niketnilay if i understood correctly. "span=1d _time" will try placing all events in buckets corresponding to each day. While aggregating values, I realized Splunk ignores buckets without any events in it. In that case the average calculated can easily become invalid if there are no events falling into particular day's bucket. ex: Selected time range = 5 days, total events = 10 then I expect the daily average to be 10/5 = 2. day1 bucket = 3 day2 bucket = 3 day3 bucket = 0 day4 bucket = 4 day5 bucket = 0 then i see that Splunk calculates average as (3+3+4)/3 ~ 3.33 which is not desired for me. Any suggestion to how can i achieve the correct average using splunk ? ... View more

Re: How to add a new column to existing stats resu...

by in Splunk Search
‎12-01-2017 02:48 AM
‎12-01-2017 02:48 AM
@niketnilay Thank you, i tried multiple things and looked like i added unnecessary complexity. This solution looks simple and clear. ... View more

How to add a new column to existing stats result a...

by in Splunk Search
‎12-01-2017 01:33 AM
‎12-01-2017 01:33 AM
Hi I am new to splunk and still exploring it. How do i create a new result set after performing some calculation on existing stats output ? More details here: There can be multiple stores and each store can create multiple deals. I was able to get total deals per store id using this query index=fosign env="test" Level="Information" Properties.DealJacketId=* Properties.StoreId=* Properties.LogSource="Create.NewDeal.Handler" | stats count(Properties.DealJacketId) as "total_deals (In selected time period)" by Properties.StoreId but I am finding it difficult to produce average deals per day, dynamically based on selected time frame. Note: User can select multiple time frames and this needs to work for all time frames selected. StoreId | total_deals (In selected time period) | average_deals_per_day (includes weekend) ==> "need help for this column" S1234 100 12 S1234 200 15 . . . Sample log: { Level: Information MessageTemplate: Deal created successfully for store: {storeId}, deal id: {DealJacketId}, DealNumber: {DealNumber} Properties: { CorrelationId: No Correlation Id Provided DealJacketId: MTc1ODY2MDAwMDAwMDAwMDAyfDcyMjN8bmp3OUVZQkZ6Sw== DealNumber: 7223 LogSource: Create.NewDeal.Handler SourceContext: CreatingNewDeal } Timestamp: 2017-12-01T09:20:08.7158876+00:00 } Any help is appreciated. Thank you. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM