Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I filter based on average over time

huan_an
Explorer
‎03-19-2022 02:49 AM 
query 
| bin _time span=30m 
| chart avg(throughput) by _time server

Hi, I want only the avg(throughput) by _time server values that exceed a certain number to be shown. I tried multiple different ways and came up with broken queries/queries that return empty results like the following:

# broken query
| where avg(throughput) by _time server > 80
# no results found
| search avg(throughput) by _time server > 80
# broken query
| rename avg(throughput) by _time server as avgthroughput
| where avgthroughput > 80

Would appreciate suggestions! Thank you.

P.S. Splunk beginner

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-19-2022 03:33 AM

Does something like this work for you?

query 
| bin _time span=30m 
| stats avg(throughput) as avgthroughput by _time server
| where avgthroughput > 80
| xyseries _time server avgthroughput

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-19-2022 03:33 AM

Does something like this work for you?

query 
| bin _time span=30m 
| stats avg(throughput) as avgthroughput by _time server
| where avgthroughput > 80
| xyseries _time server avgthroughput
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables

[Puzzles] Solve, Learn, Repeat: Unmerging HTML TablesFor a previous puzzle, I needed some sample data, and ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...