Multi-column stats: average and count for a column

I am building a search to find the average amount of time an action takes:

sourcetype="timelog" | stats avg(request_duration) by requested_file

However, I would also like to see the number of hits represented in that average which I would intuitively write like so:

sourcetype="timelog" | stats avg(request_duration), count(request_duration) by requested_file

Of course, this is invalid syntax because stats only allows one input column.

What is the proper way to write this search?

count search stats

asked 15 Jul '10, 01:18

isnoop
1●1●1●1
accept rate: 0%

One Answer:

1	The `stats` command allows many input columns and many aggregation functions on any or all of them. The above syntax is valid and correct for what you have stated. link answered 15 Jul '10, 03:43 gkanapathy ♦ 32.6k●4●8●27 accept rate: 41%

Post your answer

toggle preview

Email:

RSS:

Answers

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

Tags:

search ×1,685
stats ×281
count ×152

Asked: 15 Jul '10, 01:18

Seen: 3,213 times

Last updated: 15 Jul '10, 03:43