Solved: How to edit my "stats (count)" search to display a... - Splunk Community

Splunk Search

Hi guys, i have a question about the function stats count (fields) by field | where xxx .

I want just the result of my stats count with an any number but i have a table with this function. Can you tell me how i can do for do that. Thanks.

| stats count(AA) by BB
| where BB!=200

1 KB

1 Solution

Solution

Thanks but I have an other question about the eval function. When i do that :

|bin span=1d _time
| stats count dc(_time) as days by date_wday
| eval Moyenne=(count)/(days)

I have a graphics with Moyenne count and days but if i want just display moyenne how i can remove count and days ?

Thanks for your answer.

View solution in original post

Solution

Thanks but I have an other question about the eval function. When i do that :

|bin span=1d _time
| stats count dc(_time) as days by date_wday
| eval Moyenne=(count)/(days)

I have a graphics with Moyenne count and days but if i want just display moyenne how i can remove count and days ?

Thanks for your answer.

|bin span=1d _time
| stats count dc(_time) as days by date_wday
| eval Moyenne=(count)/(days)
|table Moyenne

If my comment helps, please give it a thumbs up!

It's okay i have founded. I need to say | table date_wday Moyenne.

Thanks you

You could just add |table count(AA) at the end of your search

Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

Unleash the power of Splunk Observability Watch Now In this can't miss Tech Talk! The Splunk Growth ...