Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Error after stats command
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hoerberm
New Member
12-18-2014
08:33 AM
Hi,
I need your help,
I have a search like this
index=test sourcetype=XY | stats count(Field1) AS f1 by action="Value1" Field2 | stats count(Field3) AS f3 by action="Value2" Field2 | eval sum=Field1+Field2 | eval pro1=Field1/sum*100 | eval pro2=Field3/sum*100 | table Field2 f1, pro1, f3, p2, sum
After running the search there is the Error:
Error in 'stats' command: The argument 'Field100=Value1' is invalid.
Has anyone an Idea how I can change the search that the search is running?
Thanks for your help
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
fdi01
Motivator
12-18-2014
11:29 PM
index=test sourcetype=XY|eval action="Value1" | stats count(Field1) AS f1 by action, Field2 | appendcols [search index=test sourcetype=XY|eval action="Value2" |stats count(Field3) AS f3 by action, Field2]| eval sum=Field1+Field2 | eval pro1=Field1/sum*100 | eval pro2=Field3/sum*100 | table Field2 f1, pro1, f3, p2, sum
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pragycho
Loves-to-Learn
10-02-2018
11:47 AM
hi ,
I need your help to set filter between min and max range.
i have created two dropdown box.
<label>Min value</label>
<choice value="-5">-5</choice>
<choice value="-4">-4</choice>
<choice value="-3">-3</choice>
<choice value="-2">-2</choice>
<choice value="-1">-1</choice>
<choice value="0">0</choice>
<choice value="1">1</choice>
<choice value="2">2</choice>
<choice value="3">3</choice>
<choice value="4">4</choice>
<choice value="5">5</choice>
<default>-10</default>
</input>
<label>Max value</label>
<choice value="-5">-5</choice>
<choice value="-4">-4</choice>
<choice value="-3">-3</choice>
<choice value="-2">-2</choice>
<choice value="-1">-1</choice>
<choice value="0">0</choice>
<choice value="1">1</choice>
<choice value="2">2</choice>
<choice value="3">3</choice>
<choice value="4">4</choice>
<choice value="5">5</choice>
</input>
then create two filter
FILTER score > "$min_score$"
FILTER score < "$max_score$"
---------------------> here i am facing issue in xml parsing for operator less than (<)
this is error :
XML Syntax Error: StartTag: invalid element name,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
fdi01
Motivator
12-18-2014
11:29 PM
index=test sourcetype=XY|eval action="Value1" | stats count(Field1) AS f1 by action, Field2 | appendcols [search index=test sourcetype=XY|eval action="Value2" |stats count(Field3) AS f3 by action, Field2]| eval sum=Field1+Field2 | eval pro1=Field1/sum*100 | eval pro2=Field3/sum*100 | table Field2 f1, pro1, f3, p2, sum
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ayn
Legend
12-18-2014
09:38 PM
Also your multiple stats commands will not work, because the first stats command consumes all data that goes into it and only emits whatever fields it calculates.
Perhaps you want something like this?
index=test sourcetype=XY action="Value1" OR action="Value2" | stats count(eval(action=="Value1")) as Field1, count(eval(action=="Value2")) as Field2 | ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aweitzman
Motivator
12-18-2014
08:44 AM
I'm not sure what you're trying to do, but by action="SomeValue" is not a valid by clause in stats. You can only list fields there.
http://docs.splunk.com/Documentation/Splunk/6.2.1/SearchReference/Stats
What are you trying to do?
Get Updates on the Splunk Community!
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0
Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
