Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

why per_minute(), per_second() Functions don't work with Stats and streamstats command ??

NPR
Path Finder
‎04-18-2015 09:16 AM

i see this in Search Reference manuel
Stats functions options

stats-function
Syntax:avg() | c() | count() | dc() | distinct_count() | first() | last() | list() |
max() | median() | min() | mode() | p<in>() | perc<int>() | per_day() |
per_hour() | per_minute() | per_second() | range() | stdev() | stdevp() |
sum() | sumsq() | values() | var() | varp()

Description:Functions used with the stats command. Each time you
invoke the statscommand, you can use more than one function;
however, you can only use one by clause. For a complete list of stats
functions with descriptions and examples, see "Functions for stats, chart,
and timechart".

but when i run per_minute(), per_second() Functions with Stats and streamstats commands.
it isn't work why ?
any idea?

thank.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

stephane_cyrill
Builder
‎04-18-2015 02:48 PM

Hi everyone,

at the page 145 in splunk 6.2.2 SearchReference.pdf, where you saw STATS-FUNCTION, as NPR post up there, stats-function there is in the general sense of statistics. all that function are not precisely for STATS COMMAND.

at the end of that paragraph you have a link. "Functions for stats,chart,and timechart" this link redirect us at page 56 of the same document.
There we have a table that list Functions and that commands with which we use them.

It is clearly mention there that functions, per_day(), per_hour(), per_minute(),per_second() are use only with the COMMAND TIMECHART.

SO YOU CAN UNDERSTAND THAT IN SPLUNK FOR THE MOMENT WE DO NOT USE these functions with stats command.

see the manual here:

docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference/Whatsinthismanual

View solution in original post

Reply
Solved! Jump to solution

chimell
Motivator
‎04-19-2015 05:43 AM

Hi NPR
per_second() function is easily applicable to timechart command .Therefore , you can use a subsearch using timechart and per_second() function before use streamstats command.

Mean that you can use timechart and streamstats Or stats command in the same request , you make sure that timechart command come before streamstats or stats command in your request : look at an example

 index="_introspection" | timechart per_second(data.localTime) as X| streamstats current=t global=f window=2 range(X) as X1

you can follow this link for more information

http://answers.splunk.com/answers/228525/how-to-use-the-per-second-function-with-streamstat.html#ans...

Reply
Solved! Jump to solution

NPR
Path Finder
‎04-19-2015 05:52 AM

thank but i want with Stats and streamstats command
and thank olso for the link.

0 Karma
Reply
Solved! Jump to solution
Solution

stephane_cyrill
Builder
‎04-18-2015 02:48 PM

Hi everyone,

at the page 145 in splunk 6.2.2 SearchReference.pdf, where you saw STATS-FUNCTION, as NPR post up there, stats-function there is in the general sense of statistics. all that function are not precisely for STATS COMMAND.

at the end of that paragraph you have a link. "Functions for stats,chart,and timechart" this link redirect us at page 56 of the same document.
There we have a table that list Functions and that commands with which we use them.

It is clearly mention there that functions, per_day(), per_hour(), per_minute(),per_second() are use only with the COMMAND TIMECHART.

SO YOU CAN UNDERSTAND THAT IN SPLUNK FOR THE MOMENT WE DO NOT USE these functions with stats command.

see the manual here:

docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference/Whatsinthismanual

Reply
Solved! Jump to solution

ngatchasandra
Builder
‎04-18-2015 10:52 AM

Hi,
I think this is a mistake ! When you execute the commands streamstats and stats with per_minute functions per_second and per_day , splunk does not see them as the functions but as a argrument ! Because this is what is noted when execute the search. Error in 'stats' command: The argument 'per_day(bytes)' is invalid.

But this is work very fine with timechart command because timechart command can split results in time slot. Like follow for example:

index=_internal|timechart per_day(bytes)
0 Karma
Reply
Solved! Jump to solution

NPR
Path Finder
‎04-19-2015 05:50 AM

thank but i want with Stats and streamstats command

0 Karma
Reply
Get Updates on the Splunk Community!

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

The Splunk Community is a powerful network of users, educators, and organizations working together to tackle ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...