Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
3,000 results
Sorted by:
07-08-2013
06:19 PM
5 Karma
Noob question. What is the different between stats and eventstats commands?
- Tags:
- eventstats
- stats
Show results in replies (4)
-
...earch results and save them as values in new fields. Eventstats is similar to the stats command, except t...
-
This blog was really useful for me when attempting to understand streamstats and eventstats. T...
-
...earch-command-stats-eventstats-and-streamstats-2/
-
...paque at times - especially when you get into some of the less common commands like eventstats and s...
09-20-2023
12:39 AM
...his but im getting 0 results
| stats count by SERVERS
| stats count(SERVERS) by Domain as "Domain_Count"
| eventstats sum(count) as Total_Servers
What can I do ? Thanks
- Tags:
- eventstats
01-17-2018
02:53 AM
1 Karma
I can't comprehend what 'eventstats' is. I went thru the splunk docs. I wanna use math functions like avg.. etc.. not sure whether to use stats avg or eventstats avg !! An example would be a...
- Tags:
- splunk-enterprise
Labels
- Labels:
-
stats
03-26-2018
05:48 PM
I have used below query to get distinct values:
stats values(gitRepo) AS serviceName BY buildNum
This gives correct values. Problem is I am not getting value for other fields. If I used eventstats...
01-17-2023
08:34 AM
...s:azure:accounts" source="rest*User*")
| where match(userPrincipalName,"domain name") or match(userPrincipalName,"domain name")
| eventstats count by id
| eventstats count(eval((source="rest://MSGraph G...
05-26-2022
07:06 PM
...bsp;
In order to overcome the JOIN/subsearch limit and maybe gain some efficiencies I tried using eventstats instead. The resultant query is below, and runs for over an hour with questionable r...
Show results in replies (6)
-
Try shortening the subsearch with another subsearch index=qualys sourcetype="qualys:hostDetection"...
-
...ou only want to be adding the fields from the subquery with eventstats (not values from all the e...
-
...sing stats or eventstats seems to be very slow compared to using my original JOIN query
-
To be fair, your second search is effectively doing an alltime search which, not surprisingly, is t...
-
Believe you nailed it! And, never occurred to me to filter within the JOIN, before producing ...
-
...ot accurate since it is missing ~22,000 relative records. In every case where I use stats or eventstats...
01-08-2015
04:57 AM
1 Karma
Hello,
I'm looking to use the eventstats function to count the amount of times the word Error occurs in my event.
Can anyone help as it doesn't appear to work ?
01-31-2023
04:14 PM
Hi all - I'm attempting to write a query using earliest/latest based off a date field in the event, not _time. I've tried a dozen things, and no matter what I try the earliest/latest fields are not s...
Labels
- Labels:
-
stats
05-19-2015
07:09 AM
...ll churns. where in above i want only churned. please some one help me out.
sourcetype="Customer_Churn"
| stats sum(Total_Revenue) as rev by PLACEMENT
| eventstats sum(rev) as f...
Show results in replies (5)
-
...ustomer_Churn" | stats sum(eval(if(CHURN=="1",1,0))) as churned_count by PLACEMENT | eventstats sum(c...
-
sourcetype="Customer_Churn" | eventstats count(eval(CHURN="1")) as churned_count by P...
-
...ourcetype="Customer_Churn" | eventstats sum(eval(if(CHURN=="0",1,0))) as churned_count by PLACEMENT | eventstats...
-
...elow query, sourcetype="Customer_Churn" | eventstats sum(eval(if(CHURN=="1",1,0))) a...
-
...ustomer_Churn" | stats sum(eval(if(CHURN=="1",1,0))) as churned_count by PLACEMENT | eventstats...
11-21-2020
12:02 PM
1 Karma
Hi All I'm new to Splunk and I'm confused between stats eventstats and streamstats. Can anyone help me to understand?
Labels
- Labels:
-
stats
Show results in replies (5)
-
...nd-eventstats-command-in-splunk/. Shortly streamstats calculate over sliding window and eventstats o...
-
https://splunkonbigdata.com/difference-between-streamstats-and-eventstats-command-in-splunk/
-
One addition to streamstats, you could define the window which it use to calculate stats. Also you ...
-
...re passed down the line eventstats adds to the pipeline as a whole - calculated values are based on a...
-
...ncoming result set. eventstats Eventstats calculates a statistical result same as stats command o...
