Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Aggregate stats functions

Marco
Communicator
‎10-23-2020 02:20 PM

Hi folks,

host=* AlertType="Warning" |bucket _time span=day| stats count min(count) max(count)  avg(countstdev(count) by _time

This is what the results look like:

_time count min(count) max(count) avg(count) stdev(count)

_timecountminmaxavgstdev
2020-08-0571    
2020-08-06109    
2020-08-07282    
2020-08-0844    
2020-08-0945    
2020-08-1036    

 

 

I get the other columns blank, I want the query to return the Min, Max, Avg, and STD from the data in the Count column

Thank you,

Marco

Labels (7)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-23-2020 02:31 PM

count doesn't have a value until the first stats completes

host=* AlertType="Warning" |bucket _time span=day
| stats count by _time
| stats min(count) max(count) avg(count) stdev(count)

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-23-2020 02:31 PM

count doesn't have a value until the first stats completes

host=* AlertType="Warning" |bucket _time span=day
| stats count by _time
| stats min(count) max(count) avg(count) stdev(count)
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...