About calculating statistics
This section discusses how to calculate summary statistics on events. When you think about calculating statistics with Splunk's search processing language (SPL), the stats
command is probably what comes to mind first. The stats command generates reports that display summary statistics in a tabular format. Additionally, you can use the chart
and timechart
commands to create charted visualizations for summary statistics and the geostats
command to create map visualizations for summary statistics of events that include geographical location fields.
The stats
, chart
, and timechart
commands (and their related commands eventstats
, geostats
and streamstats
) are designed to work in conjunction with statistical functions. For examples of searches using these commands and functions, read "Use the stats command and functions".
Later topics discuss how to:
- "Use stats with eval expressions and functions" to calculate statistics.
- "Add sparklines to report tables".
The Advanced statistics section contains topics on detecting anomalies, finding and removing outliers, detecting patterns, and time series forecasting.
Evaluate and manipulate fields with multiple values | Use the stats command and functions |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!