Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
20,000 results
Sorted by:
09-18-2022
10:28 PM
Hello-
I am attempting to make a table and hopefully be able to integrate it into a dashboard.
Goal is to interrogate on two fields and pull stats accordingly.
FieldA has multiple v...
12-08-2022
02:30 AM
Hi,
I'm looking for how to make conditional stats aggregation query according to a form input "With users" (value : Yes or No)
I got a list of events per User
When form input With users is e...
Labels
- Labels:
-
stats
Show results in replies (4)
-
It looks like your queries are more like | stats count as avgNb avg(DUR) as avgDuration by USR U...
-
...ork | eval label="USR URI" | stats count as avgNb avg(DUR) as avgDuration by $label$ => No r...
-
Yes, the label and value are from your form input (which you have referenced but not shown) not an ...
-
@ITWhisperer It works perfectly !! Thanks a lot
06-01-2022
04:24 AM
Hi I have table like this:
name color status
jack red f...
Labels
- Labels:
-
eval
-
field extraction
-
fields
-
regex
-
rex
Show results in replies (8)
-
...rintf("%04u %s %d", 10000-statuscount, status, statustotal) | stats values(name) as name values(c...
-
...y fields | fields - fields | stats values(*) as * by count | table name cname pname color ccolor p...
-
...")" | eval status=status."(".statuscount.")" | stats values(name) as name values(color) as color v...
-
Simpler SPL, yet you want a more complex output? Your expected output is not possible because you ...
-
@ITWhisperer need to sort each column from top to down.
-
how about this? expected output: Name cName %Name&nb...
-
...val status=printf("%04u %s", 10000-statuscount, status) | stats values(name) as name values(color) a...
-
@ITWhisperer about this line, how can i limit to 2 decimal places like this 33.33...
03-30-2021
05:57 PM
Hi, I have a data source that lists phone calls. Each call record will list a set of values, in defined fields The key information I’m interesting in, is a field called Phone_Number And a field c...
Labels
- Labels:
-
stats
03-22-2021
09:09 PM
I have simple search: index=xyz logLevel IN (ERROR, INFO) How do I plot two different color in a timespan chart? See attached sample timespan chart. Ideally, I want to show red fo...
02-28-2022
06:30 AM
Hey there,
I have a field let's say "abc" with values as such : 1,3,5,7,5,3,2,1,5,7,8,5,1,1,2,2,3,2,1,1,2,3,2,3
here what I am trying to look here is first do a stats count by abc | where c...
02-25-2019
02:52 AM
Hi, I wonder whether someone can help me please.
I'm using number the following as part of a query to extract data from a summary Index
| stats count(eval(repayments_submit="1")) as r...
01-17-2018
02:53 AM
1 Karma
I can't comprehend what 'eventstats' is. I went thru the splunk docs. I wanna use math functions like avg.. etc.. not sure whether to use stats avg or eventstats avg !! An example would be a...
- Tags:
- splunk-enterprise
Labels
- Labels:
-
stats
04-15-2014
08:05 AM
2 Karma
...f and stats sum, and 2) stats if count.
How can I make these methods work, if possible? I want to understand the functions in this context. Also, is there a better way?
Here is my eval a...
Show results in replies (4)
-
...t; 8), 1, 0) | stats sum(bool) as count or base search | stats count(eval((field1 != field2) A...
-
...he first method like this?: base search | eval bool = (field1 != field2) AND (field3 < 8) | stats...
-
...rom building the report. If you have multiple such conditions the stats in way 2 would become i...
-
...99 Erros"), 1, 0) | stats sum(ok) as ok sum(nok) as nok by hhost | addtotals | eval p_ok=ok/Total*1...
06-24-2013
03:12 PM
I would like to create a table of count metrics based on hour of the day. So average hits at 1AM, 2AM, etc.
stats min by date_hour, avg by date_hour, max by date_hour
I can not figure out w...
