Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

help on tstats command

jip31
Motivator
‎03-18-2020 05:30 AM

hello
I use the stats command below in order to count the number of index on which an host collect events

| stats dc(index) AS "Number of index" BY host

Now I need to use stats instead tstats
So I am doing something like

| tstats dc(index) as "Number of index"

but when I am doing this I have an error message
Error in 'TsidxStats': Aggregations are not supported for index, splunk_server and splunk_server_group"
what is the problem please???

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎03-18-2020 05:58 AM

Try the following (which includes all non internal indexes and returns results from indexes you have access to):

| tstats count where index=* by host index
| stats dc(index) by host
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

niketn
Legend
‎03-18-2020 05:58 AM

Try the following (which includes all non internal indexes and returns results from indexes you have access to):

| tstats count where index=* by host index
| stats dc(index) by host
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

jip31
Motivator
‎03-18-2020 06:18 AM

perfect niket! thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...