From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
Join today to access over 25,500 courses taught by industry experts.
stats count function - Splunk Tutorial
From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
stats count function
So, let's now start looking at the different functions that are associated with the stats command. We are going to start here with the count function. So we can use the count function to return the number of events for the current search. So you just run a search index equals mean source type equals event chain. You want to see the number of events that are generated by that search. That is a statistic because you want to generate a value. So you just do stats count and And when you just do stats count, then it's going to tell you in this specific case that you have 9,460 events. But then, what field name is it going to give to that result? It just calls that result count and gives it that value. So basically, it associates the number of events to count field by default. Now, can you change that? Yes, there is a way of doing that. So if you wanted to count, and then you give that field a different name, maybe you thought you wanted to call it total events. And then maybe you wanted to…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
-
-
(Locked)
Module overview1m 44s
-
(Locked)
Overview of transforming commands4m 12s
-
(Locked)
Using the stats command3m 18s
-
(Locked)
stats count function14m 26s
-
(Locked)
stats distinct_count function4m 14s
-
(Locked)
stats sum and avg functions15m 24s
-
(Locked)
stats list and values functions7m 58s
-
(Locked)
Combining functions11m 25s
-
(Locked)
Using the top command24m 24s
-
(Locked)
Using the rare command10m 22s
-
(Locked)
Formatting statistics tables17m 16s
-
(Locked)
Formatting visualizations12m
-
(Locked)
-
-
-