...
Calculates the average of the values in a specified column in of the search query results.
...
For each event in the search query results that has the specified column_name with a numeric value, add adds the value to the cumulative sum, and when you have it has reached the last event, divide divides the cumulative sum by the number of events to get the average.
...
* in log.access | avg Bytes Sent
Returns From the events in access log, returns the average value of the values in column Bytes Sent in the events from access log.
Example 2:
http in log.iis log | avg time-taken | group by sc-status From the events in log.iss log that contain http in their column values, returns the average of the values in column time-taken, grouped according to the value of the sc-status column.