Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

is the stats count is count of event or count of word?

pavanae
Builder
‎01-26-2018 08:21 AM

For example I have a query like below 

index=ABC | stats count by host

Does stats is the word count of all the events or character count of all events or is it just the event count?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

elliotproebstel
Champion
‎01-26-2018 08:24 AM

In the example above, Splunk will count the number of events per host.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎01-28-2018 08:31 AM

Hi @pavanae,

Yes, It is just event count.

| stats count by host will return count of events from each host for selected time range.

stats command is not just for a event count It is more than that. Please refer below links for magical example for stats command.

http://docs.splunk.com/Documentation/Splunk/7.0.1/SearchReference/Stats

https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Stats

Thanks
Kamlesh

0 Karma
Reply
Solved! Jump to solution
Solution

elliotproebstel
Champion
‎01-26-2018 08:24 AM

In the example above, Splunk will count the number of events per host.

0 Karma
Reply
Solved! Jump to solution

elliotproebstel
Champion
‎01-26-2018 08:31 AM

If you'd like a count of events, words, and characters by host:

index=ABC
| rex max_match=0 "(?<words>\w+)" 
| mvexpand words 
| stats sum(eval(len(_raw))) AS character_count count(words) AS word_count count AS event_count BY host
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...