About calculating statistics
This section discusses how to calculate summary statistics on events. When you think about calculating statistics with Splunk's search processing language (SPL), the stats command is probably what comes to mind first. The stats command generates reports that display summary statistics in a tabular format. Additionally, you can use the timechart commands to create charted visualizations for summary statistics and the geostats command to create map visualizations for summary statistics of events that include geographical location fields.
timechart commands (and their related commands streamstats) are designed to work in conjunction with statistical functions. For examples of searches using these commands and functions, read "Use the stats command and functions".
Later topics discuss how to:
- "Use stats with eval expressions and functions" to calculate statistics.
- "Add sparklines to report tables".
The Advanced statistics section contains topics on detecting anomalies, finding and removing outliers, detecting patterns, and time series forecasting.
This documentation applies to the following versions of Splunk Cloud™: 7.0.13, 7.2.9, 7.2.10, 8.0.2006, 8.0.2007, 8.1.2008, 8.1.2009, 8.1.2011, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104, 8.2.2105