Skip to main content

avg Grouping Operator

The averaging function (avg) calculates the average value of the numerical field being evaluated within the time range analyzed.

Syntax

avg(<numerical_field>) [as <field>] [by <field>]

Rules

  • Creates field named _avg

Examples

Parse milliseconds and calculate average

This example query parses the number of milliseconds and calculates the average across the search time range.

_sourceCategory=app
| parse "time taken: * ms," as time
| avg(time) as avg_time

An example snippet from a log would like this: time taken: 21 ms, where the value parsed from time taken would be 21, which in this case is in milliseconds.

The average operator would calculate against all parsed values and return the average, which would be returned in the Aggregates tab as a number, such as 50.

avg results

Use Aggregate in Query

This example shows you how to use more than one aggregate operator like avg in a query. This is useful when you need to calculate the average of more than one field.

When multiple aggregates are used you need to create an alias using the as operator so they each get a unique field name. For example,

| avg(time) as avg_time, avg(_size) as logSize
Sumo Logic YouTubeSumo Logic Twitter
Legal
Privacy Statement
Terms of Use

Copyright © 2022 by Sumo Logic, Inc.