Calculates the average for a field over a set of events. The result is returned in a field named _avg. You can use this field name to pipe the results to other query functions for further processing, as shown in the example below.
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
fieldcan be omitted; the following forms of this function are equivalent:logscaleavg("field")and:
logscaleavg(field="field")These examples show basic structure only.
avg() Examples
Calculate Average of Field Values in an Array
Calculate Average of Field Values in a flat array using the array:reduceRow() function
Query
array:reduceRow("ages[]", var=x, function=avg(x))Introduction
The array:reduceRow() function can be used
together with the aggregate function avg() as
the function argument to calculate the average of field values in
a flat array. In this example, the
array:reduceRow() function is used to
calculate the average age of the field ages
and return the result in a field named
_reduceRow._avg.
Example incoming data might look like this:
| ages[0] | ages[1] | ages[2] |
|---|---|---|
| 16 | 32 | 64 |
| 15 | 30 | 45 |
| 1 | 2 | 4 |
| 89 | 57 | 67 |
Step-by-Step
Starting with the source repository events.
- logscale
array:reduceRow("ages[]", var=x, function=avg(x))Produces two events, calculating the average value across the ages[] array for each event. The results are placed into the _avg field for each new event.
Event Result set.
Summary and Results
The query is used to calculate averages for a given array for
each event and is a shorthand version of using
array:eval() specifically for processing
each event.
Sample output from the incoming example data:
| ages[0] | ages[1] | ages[2] | _avg |
|---|---|---|---|
| 16 | 32 | 64 | 37.333 |
| 15 | 30 | 45 | 30 |
| 1 | 2 | 4 | 2.67 |
| 89 | 57 | 67 | 71 |
Note that the evaluation is per event, for example per row of
the overall table of values across the array over all events. To
calculate values across the column of values, use
array:reduceColumn().
Calculate the Mean of CPU Time
Calculate the sum of all numbers (mean) of the CPU time
Query
avg(field=cputimeNanos)
| cputime := (_avg/1000000)
| format("%,.2f", field=_avg, as=_avg)Introduction
CPU time is the exact amount of time that the CPU has spent
processing data for a specific program or process. In this query
the avg() function is used to calculate the
sum of all numbers; the mean of the CPU Time.
Step-by-Step
Starting with the source repository events.
- logscale
avg(field=cputimeNanos)Calculates the mean of the field cputimeNanos. This can be run in the humio system repository to get the average time spent in nanoseconds for different activities. The mean is calculated by summing all of the values in the cputimeNanos field and dividing by the number of values across all events.
- logscale
| cputime := (_avg/1000000)Calculates the average CPU time to milliseconds to make it easier to read.
- logscale
| format("%,.2f", field=_avg, as=_avg)Overwrites the field _avg to contain the _avg field to show only two decimals.
Event Result set.
Summary and Results
The query is used to averaging the field containing the CPU
value. This value is then piped to the
format() function, which provides a
formatting code — how the field value should be formatted.
In this example, it formats the value to two decimal.
Calculation of CPU times is useful to determine processing power
- for example if troubleshooting a system with high CPU usage.
Sample output from the incoming example data:
| _avg |
|---|
| 0.14 |
Compute Average Value for Each Array Element With Same Index
Compute an average value for each array element with the same index across multiple events using the array:reduceColumn()
Query
maxTimes := array:reduceColumn("ages[]", var=x, function=avg(x))Introduction
The array:reduceColumn() function can be
used to compute an average value for each array element with the
same index. In this example, the
array:reduceColumn() function is used to
find the maximum time for each array element with same index in
a flat array.
Example incoming data might look like this:
| ages[0] | ages[1] | ages[2] |
|---|---|---|
| 16 | 32 | 64 |
| 15 | 30 | 45 |
| 1 | 2 | 4 |
| 89 | 57 | 67 |
Step-by-Step
Starting with the source repository events.
- logscale
maxTimes := array:reduceColumn("ages[]", var=x, function=avg(x))Computes the average for each array element with same index in the array and reduces it to one value, placing the result for each index into a new field _reduceColumn.
Event Result set.
Summary and Results
The query is used to find the maximum time for each array element with same index in a flat array.
| _reduceColumn[0] | _reduceColumn[1] | _reduceColumn[2] | _reduceColumn[3] | |
|---|---|---|---|---|
| 40.3 | 40.3 | 63.3 |