Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

headache stats by fields name and values

gduc
Observer
‎10-07-2020 06:01 AM

Hi Splunkers;

I'm trying to create a table but can't and don't understand how to do...

I'd like to calculate stats avg, max and exactperc90 on 8 fields values adding a by 2 other fields values.

my problem is to use as a field value his own field name.

I'm not shure my explains are clear, tried to draw it.

stats_by.png

any one have done this before?

Thanks a lot for support.

Labels (1)
Labels
0 Karma
Reply

gduc
Observer
‎10-08-2020 06:27 AM

Thanks for your answer.

but not what i need.

what i need is the request for:

-the 1st and 2nd columns are "| stats by" u_ci_name and component_value

-the 3rd column is a list of "fields names" caled "traffic*" by u_ci_name and component_value

-the lasts columns are avg/max/perc by u_ci_name and component_value and fields names

 

hope you see what i mean.

thanks a lot.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-07-2020 06:49 AM

You can rename fields in the stats command e.g.

| stats avg(count) as Average

Or use the rename command

| rename Avg as Average

 

Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...