For example, the following search returns a table with two columns (and 10 rows). The stats command works on the search results as a whole and returns only the fields that you specify. The eventstats and streamstats commands are variations on the stats command. The list of statistical functions lets you count the occurrence of a field and calculate sums, averages, ranges, and so on, of the field values.įor the list of statistical functions and how they're used, see "Statistical and charting functions" in the Search Reference.
The stats, chart, and timechart commands (and their related commands eventstats and streamstats) are designed to work in conjunction with statistical functions. Read more about visualization features and options in the Visualization Reference of the Data Visualization Manual. The timechart command returns your results formatted as a time-series chart, where your data is plotted against an x-axis that is always a time field. You can decide what field is tracked on the x-axis of the chart. The chart command returns your results in a data structure that supports visualization as a chart (such as a column, line, area, and pie chart). See more about the differences between these commands in the next section. The eventstats command calculates statistics on all search results and adds the aggregation inline to each event for which it is relevant. The streamstats command calculates statistics for each event at the time the event is seen, in a streaming manner. The stats command works on the search results as a whole. The stats, streamstats, and eventstats commands each enable you to calculate summary statistics on the results of a search or the events retrieved from an index. For the list of stats functions, see "Statistical and charting functions" in the Search Reference.For more information about the stat command and syntax, see the "stats" command in the Search Reference.
#Splunk stats by index how to#
This topic discusses how to use the statistical functions with the transforming commands chart, timechart, stats, eventstats, and streamstats.
0 kommentar(er)
