Calculates the average of the values in a specified column of the search query results.
Syntax: <character string>
Description: The name of a column header that has numeric values
For each event in the search query results that has the specified column_name with a numeric value, adds the value to the cumulative sum, and when it has reached the last event, divides the cumulative sum by the number of events to get the average.
* in log.access | avg Bytes Sent
From the events in access log, returns the average of the values in column Bytes Sent.
http in log.iis log | avg time-taken | group by sc-status
From the events in log.iss log that contain http in their column values, returns the average of the values in column time-taken, grouped according to the value of the sc-status column.