Splunk Search

stats command file doubt

rakesh_498115
Motivator

Hi,

Is the default stats command for computing avg,min,max and sdev a custom search command which calls the rawstats.py file?
I have disabled the rawstats command for my search app, but I am available to run the stats command.

Am I missing something or is my understanding wrong?

Please help.

0 Karma

rakesh_498115
Motivator

ok Ayn.thanks 🙂

0 Karma

Ayn
Legend

I'm not sure what you didn't understand about that stats is an INTERNAL command. There IS no available code for it. rawstats.py seems like a good place to start with your own experiments.

0 Karma

rakesh_498115
Motivator

Ayn . can you please give me the sample code of avg function for stats command pls.. i need work for an extra functionlity on tat.

0 Karma

Ayn
Legend

As dart says, there is no external file. stats is a built-in command. If you need extra functionality, you'll need to build your own custom search command that adds it.

0 Karma

rakesh_498115
Motivator

no..values are correct only... i need to have some extra funtionality of stats command..so wanted to check that stats command file..cany you me help me in finding the exact file pls

0 Karma

dart
Splunk Employee
Splunk Employee

The stats command is a builtin. rawstats is the command that uses rawstats.py:

[rawstats]
filename = rawstats.py
streaming = true
retainsevents = true
overrides_timeorder = false

Ayn
Legend

Why not try it?

0 Karma

rakesh_498115
Motivator

so dart . if i define my additional functionality to this piece of code in rawstats.py file

def stats(r):
"""returns the median, average, standard deviation, min and max of a sequence"""
tot = sum(r)
avg = tot/len(r)

sdsq = sum([(i-avg)**2 for i in r])
s = list(r)
s.sort()
return s[len(s)//2], avg, (sdsq/(len(r)-1 or 1))**.5, min(r), max(r)

and save it as seperate command .. will that work ??

0 Karma

sdaniels
Splunk Employee
Splunk Employee

What are trying to achieve? Is there something wrong with the values that the stats command is returning?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...