Splunk Search

stats command file doubt

rakesh_498115
Motivator

Hi,

Is the default stats command for computing avg,min,max and sdev a custom search command which calls the rawstats.py file?
I have disabled the rawstats command for my search app, but I am available to run the stats command.

Am I missing something or is my understanding wrong?

Please help.

0 Karma

rakesh_498115
Motivator

ok Ayn.thanks 🙂

0 Karma

Ayn
Legend

I'm not sure what you didn't understand about that stats is an INTERNAL command. There IS no available code for it. rawstats.py seems like a good place to start with your own experiments.

0 Karma

rakesh_498115
Motivator

Ayn . can you please give me the sample code of avg function for stats command pls.. i need work for an extra functionlity on tat.

0 Karma

Ayn
Legend

As dart says, there is no external file. stats is a built-in command. If you need extra functionality, you'll need to build your own custom search command that adds it.

0 Karma

rakesh_498115
Motivator

no..values are correct only... i need to have some extra funtionality of stats command..so wanted to check that stats command file..cany you me help me in finding the exact file pls

0 Karma

dart
Splunk Employee
Splunk Employee

The stats command is a builtin. rawstats is the command that uses rawstats.py:

[rawstats]
filename = rawstats.py
streaming = true
retainsevents = true
overrides_timeorder = false

Ayn
Legend

Why not try it?

0 Karma

rakesh_498115
Motivator

so dart . if i define my additional functionality to this piece of code in rawstats.py file

def stats(r):
"""returns the median, average, standard deviation, min and max of a sequence"""
tot = sum(r)
avg = tot/len(r)

sdsq = sum([(i-avg)**2 for i in r])
s = list(r)
s.sort()
return s[len(s)//2], avg, (sdsq/(len(r)-1 or 1))**.5, min(r), max(r)

and save it as seperate command .. will that work ??

0 Karma

sdaniels
Splunk Employee
Splunk Employee

What are trying to achieve? Is there something wrong with the values that the stats command is returning?

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...