Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
2,000 results
Sorted by:
07-08-2013
06:19 PM
5 Karma
Noob question. What is the different between stats and eventstats commands?
- Tags:
- eventstats
- stats
Show results in replies (4)
-
This blog was really useful for me when attempting to understand streamstats and eventstats. T...
-
...earch results and save them as values in new fields. Eventstats is similar to the stats command, except t...
-
...earch-command-stats-eventstats-and-streamstats-2/
-
...paque at times - especially when you get into some of the less common commands like eventstats and s...
01-17-2018
02:53 AM
1 Karma
I can't comprehend what 'eventstats' is. I went thru the splunk docs. I wanna use math functions like avg.. etc.. not sure whether to use stats avg or eventstats avg !! An example would be a...
- Tags:
- splunk-enterprise
Labels
- Labels:
-
stats
03-26-2018
05:48 PM
I have used below query to get distinct values:
stats values(gitRepo) AS serviceName BY buildNum
This gives correct values. Problem is I am not getting value for other fields. If I used eventstats...
11-21-2020
12:02 PM
1 Karma
Hi All I'm new to Splunk and I'm confused between stats eventstats and streamstats. Can anyone help me to understand?
Labels
- Labels:
-
stats
Show results in replies (3)
-
...nd-eventstats-command-in-splunk/. Shortly streamstats calculate over sliding window and eventstats o...
-
...ncoming result set. eventstats Eventstats calculates a statistical result same as stats command o...
-
...re passed down the line eventstats adds to the pipeline as a whole - calculated values are based on a...
05-19-2015
07:09 AM
...ll churns. where in above i want only churned. please some one help me out.
sourcetype="Customer_Churn"
| stats sum(Total_Revenue) as rev by PLACEMENT
| eventstats sum(rev) as f...
Show results in replies (5)
-
sourcetype="Customer_Churn" | eventstats count(eval(CHURN="1")) as churned_count by P...
-
...ustomer_Churn" | stats sum(eval(if(CHURN=="1",1,0))) as churned_count by PLACEMENT | eventstats sum(c...
-
...ourcetype="Customer_Churn" | eventstats sum(eval(if(CHURN=="0",1,0))) as churned_count by PLACEMENT | eventstats...
-
...elow query, sourcetype="Customer_Churn" | eventstats sum(eval(if(CHURN=="1",1,0))) a...
-
...ustomer_Churn" | stats sum(eval(if(CHURN=="1",1,0))) as churned_count by PLACEMENT | eventstats...
01-08-2015
04:57 AM
1 Karma
Hello,
I'm looking to use the eventstats function to count the amount of times the word Error occurs in my event.
Can anyone help as it doesn't appear to work ?
06-13-2019
04:00 AM
Is there a limit of max values in a multi-value field listSummary for
| eventstats list(variable) as listSummary by <group>
Show results in replies (4)
-
...alues of amountInCHFCat. | table contractId amountInCHFCat | eventstats count as HTamountCounts b...
-
...mountInCHFCat | eventstats count as HTamountCounts by contractId amountInCHFCat | eventstats list(amountInCHFCat) a...
-
...isplay them in a table? In my case use mvdedup at the end. | table contractId amountInCHFCat | eventstats...
-
Hi @wfskmoney , As per the document reference by @kamlesh_vaghela (https://docs.splunk.com/Docume...
01-22-2018
01:02 PM
...han positive searches. So I was planning to revise the above into this:
index="blocklist" (status="submitted" OR status="approved" OR status="rejected")
| eventstats dc(status) AS status_count v...
10-07-2015
09:20 AM
...ia this search:
index="ecom" eventName | eventstats dc(sessionId) as totalnumberofsessions | search eventName = orderPlaced | stats dc(sessionId) as numbuyers max(totalnumberofsessions) as total | e...
12-14-2016
04:26 AM
...his:
index=log sourcetype=data TYPE="PLATFORM" | eventstats sum(QP) AS QTOTAL by AREA | timechart span=1d count(QP) by AREA limit=100 | addtotals
but this has been unsuccessful. QP is a number f...
