Splunk® Enterprise

Search Manual

About calculating statistics

This section discusses how to calculate summary statistics on events. When you think about calculating statistics with Splunk's search processing language (SPL), the stats command is probably what comes to mind first. The stats command generates reports that display summary statistics in a tabular format. Additionally, you can use the chart and timechart commands to create charted visualizations for summary statistics and the geostats command to create map visualizations for summary statistics of events that include geographical location fields.

The stats, chart, and timechart commands (and their related commands eventstats, geostats and streamstats) are designed to work in conjunction with statistical functions. For examples of searches using these commands and functions, read "Use the stats command and functions".

Later topics discuss how to:

The Advanced statistics section contains topics on detecting anomalies, finding and removing outliers, detecting patterns, and time series forecasting.

This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2, 6.6.3
