Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

why per_minute(), per_second() Functions don't work with Stats and streamstats command ??

NPR
Path Finder
‎04-18-2015 09:16 AM

i see this in Search Reference manuel
Stats functions options

stats-function
Syntax:avg() | c() | count() | dc() | distinct_count() | first() | last() | list() |
max() | median() | min() | mode() | p<in>() | perc<int>() | per_day() |
per_hour() | per_minute() | per_second() | range() | stdev() | stdevp() |
sum() | sumsq() | values() | var() | varp()

Description:Functions used with the stats command. Each time you
invoke the statscommand, you can use more than one function;
however, you can only use one by clause. For a complete list of stats
functions with descriptions and examples, see "Functions for stats, chart,
and timechart".

but when i run per_minute(), per_second() Functions with Stats and streamstats commands.
it isn't work why ?
any idea?

thank.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

stephane_cyrill
Builder
‎04-18-2015 02:48 PM

Hi everyone,

at the page 145 in splunk 6.2.2 SearchReference.pdf, where you saw STATS-FUNCTION, as NPR post up there, stats-function there is in the general sense of statistics. all that function are not precisely for STATS COMMAND.

at the end of that paragraph you have a link. "Functions for stats,chart,and timechart" this link redirect us at page 56 of the same document.
There we have a table that list Functions and that commands with which we use them.

It is clearly mention there that functions, per_day(), per_hour(), per_minute(),per_second() are use only with the COMMAND TIMECHART.

SO YOU CAN UNDERSTAND THAT IN SPLUNK FOR THE MOMENT WE DO NOT USE these functions with stats command.

see the manual here:

docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference/Whatsinthismanual

View solution in original post

Reply
Solved! Jump to solution

chimell
Motivator
‎04-19-2015 05:43 AM

Hi NPR
per_second() function is easily applicable to timechart command .Therefore , you can use a subsearch using timechart and per_second() function before use streamstats command.

Mean that you can use timechart and streamstats Or stats command in the same request , you make sure that timechart command come before streamstats or stats command in your request : look at an example

 index="_introspection" | timechart per_second(data.localTime) as X| streamstats current=t global=f window=2 range(X) as X1

you can follow this link for more information

http://answers.splunk.com/answers/228525/how-to-use-the-per-second-function-with-streamstat.html#ans...

Reply
Solved! Jump to solution

NPR
Path Finder
‎04-19-2015 05:52 AM

thank but i want with Stats and streamstats command
and thank olso for the link.

0 Karma
Reply
Solved! Jump to solution
Solution

stephane_cyrill
Builder
‎04-18-2015 02:48 PM

Hi everyone,

at the page 145 in splunk 6.2.2 SearchReference.pdf, where you saw STATS-FUNCTION, as NPR post up there, stats-function there is in the general sense of statistics. all that function are not precisely for STATS COMMAND.

at the end of that paragraph you have a link. "Functions for stats,chart,and timechart" this link redirect us at page 56 of the same document.
There we have a table that list Functions and that commands with which we use them.

It is clearly mention there that functions, per_day(), per_hour(), per_minute(),per_second() are use only with the COMMAND TIMECHART.

SO YOU CAN UNDERSTAND THAT IN SPLUNK FOR THE MOMENT WE DO NOT USE these functions with stats command.

see the manual here:

docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference/Whatsinthismanual

Reply
Solved! Jump to solution

ngatchasandra
Builder
‎04-18-2015 10:52 AM

Hi,
I think this is a mistake ! When you execute the commands streamstats and stats with per_minute functions per_second and per_day , splunk does not see them as the functions but as a argrument ! Because this is what is noted when execute the search. Error in 'stats' command: The argument 'per_day(bytes)' is invalid.

But this is work very fine with timechart command because timechart command can split results in time slot. Like follow for example:

index=_internal|timechart per_day(bytes)
0 Karma
Reply
Solved! Jump to solution

NPR
Path Finder
‎04-19-2015 05:50 AM

thank but i want with Stats and streamstats command

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...