Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Understanding TsidxStats and tstats.

Thats_my_usrnme
Explorer
‎12-08-2023 05:36 AM

Hello Team,

Everyone has probably seen this error. 

Error in 'TsidxStats': _time aggregations are not yet supported except for count/min/max/range/earliest/latest

I try to understand stats command use which fields.  I don't want to try every field. Can I see this fields list on GUI or CLI?

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-08-2023 10:20 AM

That error message is specific to the _time field.  It's listing the only aggregation functions that can be used in tstats with that field; others, like sum, avg, etc., will produce this message.

To see which fields can be used by the tstats command, use walklex.

| walklex type=field index=foo
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-08-2023 10:20 AM

That error message is specific to the _time field.  It's listing the only aggregation functions that can be used in tstats with that field; others, like sum, avg, etc., will produce this message.

To see which fields can be used by the tstats command, use walklex.

| walklex type=field index=foo
---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...