Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
3,000 results
Sorted by:
07-08-2013
06:19 PM
5 Karma
Noob question. What is the different between stats and eventstats commands?
- Tags:
- eventstats
- stats
Show results in replies (4)
-
This blog was really useful for me when attempting to understand streamstats and eventstats. T...
-
...earch results and save them as values in new fields. Eventstats is similar to the stats command, except t...
-
...earch-command-stats-eventstats-and-streamstats-2/
-
...paque at times - especially when you get into some of the less common commands like eventstats and s...
01-17-2018
02:53 AM
1 Karma
I can't comprehend what 'eventstats' is. I went thru the splunk docs. I wanna use math functions like avg.. etc.. not sure whether to use stats avg or eventstats avg !! An example would be a...
- Tags:
- splunk-enterprise
Labels
- Labels:
-
stats
03-26-2018
05:48 PM
I have used below query to get distinct values:
stats values(gitRepo) AS serviceName BY buildNum
This gives correct values. Problem is I am not getting value for other fields. If I used eventstats...
11-21-2020
12:02 PM
1 Karma
Hi All I'm new to Splunk and I'm confused between stats eventstats and streamstats. Can anyone help me to understand?
Labels
- Labels:
-
stats
Show results in replies (3)
-
...nd-eventstats-command-in-splunk/. Shortly streamstats calculate over sliding window and eventstats o...
-
...ncoming result set. eventstats Eventstats calculates a statistical result same as stats command o...
-
...re passed down the line eventstats adds to the pipeline as a whole - calculated values are based on a...
01-08-2015
04:57 AM
1 Karma
Hello,
I'm looking to use the eventstats function to count the amount of times the word Error occurs in my event.
Can anyone help as it doesn't appear to work ?
05-19-2015
07:09 AM
...ll churns. where in above i want only churned. please some one help me out.
sourcetype="Customer_Churn"
| stats sum(Total_Revenue) as rev by PLACEMENT
| eventstats sum(rev) as f...
Show results in replies (5)
-
sourcetype="Customer_Churn" | eventstats count(eval(CHURN="1")) as churned_count by P...
-
...ustomer_Churn" | stats sum(eval(if(CHURN=="1",1,0))) as churned_count by PLACEMENT | eventstats sum(c...
-
...ourcetype="Customer_Churn" | eventstats sum(eval(if(CHURN=="0",1,0))) as churned_count by PLACEMENT | eventstats...
-
...elow query, sourcetype="Customer_Churn" | eventstats sum(eval(if(CHURN=="1",1,0))) a...
-
...ustomer_Churn" | stats sum(eval(if(CHURN=="1",1,0))) as churned_count by PLACEMENT | eventstats...
2 weeks ago
hello I stats events after 2 eventstats command like this | eventstats sum(netp) as "netp1" by site
| eventstats sum(netp) as "netp2" by site user
| stats last(netp1) as "n...
Labels
- Labels:
-
other
Show results in replies (5)
-
yes but its just because I have modified the code for the example and I have mistaken... so in my ...
-
You are overwriting the value of netp in the first eventstats - try changing the order | eventstats...
-
Please update your question so that it represents your actual issue
-
it's done
-
Correct - the red bar represents the count for the site, and the blue bar represents the count for ...
05-27-2016
06:44 AM
Hi,
For retriving data from iis logs, I have used various eval statements , eventstats , and stats functions.
When I am using eventstats in my query, I am seeing different results than w...
- Tags:
- splunk-enterprise
Show results in replies (7)
-
What are you trying to calculate using eventstats? On lighter note, if you're getting proper r...
-
...PS a b b c c c After your call to |eventstats count AS RPS_Count BY RPS , you w...
-
Hi, Your explanation is absolutely right. But when I using eventstats function in query, the r...
-
...eed the timespan, I use eventstats function to get it. This is my query: index=t...
-
Thanks for the mail. I am not able to merge queries without eventstats. Even I can use multiple s...
-
.... | eventstats count(RPS_Not401) AS Some_Other_Count BY RPS_Not401_Count
-
...esult set will vary ( stats will work with interim table). That's the reason I have used eventstats...
06-13-2019
04:00 AM
Is there a limit of max values in a multi-value field listSummary for
| eventstats list(variable) as listSummary by <group>
Show results in replies (4)
-
...alues of amountInCHFCat. | table contractId amountInCHFCat | eventstats count as HTamountCounts b...
-
...mountInCHFCat | eventstats count as HTamountCounts by contractId amountInCHFCat | eventstats list(amountInCHFCat) a...
-
...isplay them in a table? In my case use mvdedup at the end. | table contractId amountInCHFCat | eventstats...
-
Hi @wfskmoney , As per the document reference by @kamlesh_vaghela (https://docs.splunk.com/Docume...
08-04-2021
02:34 PM
My long set of SPL starts with the typical filtering on the primary search line. It then uses various eval, foreach, streamstats and eventstats commands to process the data for a big stats a...
Labels
- Labels:
-
other
