About calculating statistics
This chapter discusses how to calculate summary statistics on events. When you think about calculating statistics with Splunk's search processing language (SPL), the
stats command is probably what comes to mind first. The stats command generates reports that display summary statistics in a tabular format. Additionally, you can use the
timechart commands to create charted visualizations for summary statistics and the
geostats command to create map visualizations for summary statistics of events that include geographical location fields.
timechart commands (and their related commands
streamstats) are designed to work in conjunction with statistical functions. For examples of searches using these commands and functions, read "Use the stats command and functions".
Later topics discuss how to:
Manipulate and evaluate fields with multiple values
Use the stats command and functions
This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14