Documentation > Splunk > Search Reference > sirare

Search Reference

 


Welcome
Search Overview
Search Commands
Custom Search Commands

sirare

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

sirare

Synopsis

Summary indexing friendly versions of rare command.

Syntax

sirare rare_syntax

Arguments

See syntax for the rare command.

Description

Summary indexing friendly versions of rare command, using the same syntax. Does not require explicitly knowing what statistics are necessary to store to the summary index in order to generate a report.

Examples

Example 1: Compute the necessary information to later do 'rare foo bar' on summary indexed results.

... | sirare foo bar

See also

collect, overlap, sichart, sistats, sitimechart, sitop

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.4/SearchReference/Sirare"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!