https://community.splunk.com/t5/Splunk-Search/Difference-between-last-X-and-latest-X/m-p/59067#M14557 <P>You are right. Thanks a lot.</P> Tue, 10 Sep 2013 17:23:09 GMT strive 2013-09-10T17:23:09Z https://community.splunk.com/t5/Splunk-Search/Difference-between-last-X-and-latest-X/m-p/59065#M14555 <P>Hi,</P> <P>What is the difference between last(X) and latest(X) functions for stats. I tried both in searches and i get same output. The difference is not quite clear in splunk documentation <A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonStatsFunctions">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonStatsFunctions</A></P> <P>I would like to know the exact difference between these two functions.</P> <P>Thanks</P> <P>Strive</P> Tue, 10 Sep 2013 15:07:23 GMT https://community.splunk.com/t5/Splunk-Search/Difference-between-last-X-and-latest-X/m-p/59065#M14555 strive 2013-09-10T15:07:23Z https://community.splunk.com/t5/Splunk-Search/Difference-between-last-X-and-latest-X/m-p/59066#M14556 <P>You see the same output likely because you are looking at results in default time order.</P> <P>This search (for me, on the tutorial sample data) gives me four different values:</P> <PRE><CODE>sourcetype="access_combined_wcookie" | sort time_taken | stats first(c_ip) latest(c_ip) last(c_ip) earliest(c_ip) </CODE></PRE> <P>first and last are by 'data order', earliest and latest are by 'time order'.</P> Tue, 10 Sep 2013 15:36:41 GMT https://community.splunk.com/t5/Splunk-Search/Difference-between-last-X-and-latest-X/m-p/59066#M14556 dart 2013-09-10T15:36:41Z https://community.splunk.com/t5/Splunk-Search/Difference-between-last-X-and-latest-X/m-p/59067#M14557 <P>You are right. Thanks a lot.</P> Tue, 10 Sep 2013 17:23:09 GMT https://community.splunk.com/t5/Splunk-Search/Difference-between-last-X-and-latest-X/m-p/59067#M14557 strive 2013-09-10T17:23:09Z