This query function is used to calculate the average for a field over a set of events. The result is returned in a field named _avg. You can use this field name to pipe the results to other query functions for further processing, as shown in the example below.
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
as | string | false | _avg | The optional name of the output field. |
field | string | true | The field from which to extract a number and calculate the average. [a] | |
avg() Examples
As an example of how you might use the avg() query
function, suppose you have a repository with events that include
receiving occasionally small files. Suppose further that you want to
determine the average size of files received into the repository. To do
this, you might use a query such as this:
avg(field=cputime)
| format("%,.2f", field=_avg, as=_avg)
The query averages the values of the
cputime fields in events. The
average of those values is determined using the
avg() function. That number is then piped to the
format() function, which formats the number to two
decimal places, using , as the thousands separtor.
This query would return a result similar to what you see in Figure 378, “Average Function Query Example”:
Figure 378. Average Function Query Example
In the example above, the result is presented using the
Single Value widget.