Calculate averages from 3rd Tuesday of Month to the 3rd Monday of following month

Question

I am trying to create a table or timechart that tracks averages for an event from the 3rd Tuesday of every month to the 3rd Monday in the following month (on a reoccurring basis). For example I want the output to look like:

Time Range Average 1/17/12-2/20/12 14.8 2/21/12-3/19/12 15.3

Can someone please help me figure out how to write this query? Thank you for all of your help.

Answer 1

0

Try this

yoursearchhere |
eval earliest=relative_time(now(),"-2mon@mon") |
eval earliest=relative_time(earliest,"+21d") |
eval earliest=relative_time(earliest, "@w2") |
eval latest = relative_time(earliest,"+28d") |
where _time >= earliest AND _time <= latest |
timechart avg(yourfield)

Good luck! BTW, you realize that if you run this each month, some days will get skipped. Also, you might want to change the second line from "-2mon@min" to "-1mon@mon", depending on when you run the search each month.

link

answered 18 Mar '12, 01:32

lguinn ♦
10.9k●5●7●23
accept rate: 28%

Thank you very much for the response. I will try this and let you know how it worked.

(21 Mar '12, 13:07) grhick

Calculate averages from 3rd Tuesday of Month to the 3rd Monday of following month

Follow this question

Splunk Resources

Related questions