Solved: How to edit my "stats (count)" search to display a... - Splunk Community

Splunk Search

Hi guys, i have a question about the function stats count (fields) by field | where xxx .

I want just the result of my stats count with an any number but i have a table with this function. Can you tell me how i can do for do that. Thanks.

| stats count(AA) by BB
| where BB!=200

1 KB

1 Solution

Solution

Thanks but I have an other question about the eval function. When i do that :

|bin span=1d _time
| stats count dc(_time) as days by date_wday
| eval Moyenne=(count)/(days)

I have a graphics with Moyenne count and days but if i want just display moyenne how i can remove count and days ?

Thanks for your answer.

View solution in original post

Solution

Thanks but I have an other question about the eval function. When i do that :

|bin span=1d _time
| stats count dc(_time) as days by date_wday
| eval Moyenne=(count)/(days)

I have a graphics with Moyenne count and days but if i want just display moyenne how i can remove count and days ?

Thanks for your answer.

|bin span=1d _time
| stats count dc(_time) as days by date_wday
| eval Moyenne=(count)/(days)
|table Moyenne

If my comment helps, please give it a thumbs up!

It's okay i have founded. I need to say | table date_wday Moyenne.

Thanks you

You could just add |table count(AA) at the end of your search

Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now! In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...