Splunk Search

help on tstats command

jip31
Motivator

hello
I use the stats command below in order to count the number of index on which an host collect events

| stats dc(index) AS "Number of index" BY host 

Now I need to use stats instead tstats
So I am doing something like

| tstats dc(index) as "Number of index" 

but when I am doing this I have an error message
Error in 'TsidxStats': Aggregations are not supported for index, splunk_server and splunk_server_group"
what is the problem please???

Labels (2)
Tags (1)
0 Karma
1 Solution

niketn
Legend

Try the following (which includes all non internal indexes and returns results from indexes you have access to):

| tstats count where index=* by host index
| stats dc(index) by host
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma

niketn
Legend

Try the following (which includes all non internal indexes and returns results from indexes you have access to):

| tstats count where index=* by host index
| stats dc(index) by host
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

jip31
Motivator

perfect niket! thanks

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...