Splunk® Light (Legacy)

Search and Reporting Examples

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Calculate and chart statistics using Splunk Light

Task

Calculate metrics for different hosts.

Searches

These searches start with a search for "error", but you can replace this search with other search terms.

1. Count the number of errors seen on each host.

error | stats count by host

2. Search for outliers. Here, outliers are hosts with a count of errors that is two standard deviations from the mean.

error | stats count by host | eventstats avg(count) as avg_count stdev(count) as std_count | where count>(2*avg_count + std_count)

Last modified on 05 April, 2016
PREVIOUS
Search for errors using Splunk Light 		  NEXT
Compare week over week results using Splunk Light

This documentation applies to the following versions of Splunk® Light (Legacy): 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.1612 (cloud service only), 6.6.0, 6.6.1, 6.6.2, 6.6.3, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters