Solved: How do I filter based on average over time

huan_an · ‎03-19-2022

query 
| bin _time span=30m 
| chart avg(throughput) by _time server

Hi, I want only the avg(throughput) by _time server values that exceed a certain number to be shown. I tried multiple different ways and came up with broken queries/queries that return empty results like the following:

# broken query
| where avg(throughput) by _time server > 80

# no results found
| search avg(throughput) by _time server > 80

# broken query
| rename avg(throughput) by _time server as avgthroughput
| where avgthroughput > 80

Would appreciate suggestions! Thank you.

P.S. Splunk beginner

ITWhisperer · ‎03-19-2022

Does something like this work for you?

query 
| bin _time span=30m 
| stats avg(throughput) as avgthroughput by _time server
| where avgthroughput > 80
| xyseries _time server avgthroughput

View solution in original post

ITWhisperer · ‎03-19-2022

Does something like this work for you?

query 
| bin _time span=30m 
| stats avg(throughput) as avgthroughput by _time server
| where avgthroughput > 80
| xyseries _time server avgthroughput

How do I filter based on average over time

chart

stats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!