![]() When you use the stats command, you must specify either a statistical function or a sparkline function. Usage Eval expressions with statistical functions ![]() Each sparkline value is produced by applying this aggregation to the events that fall into each particular time bin. Description: Aggregation function to use to generate sparkline values.You can use wildcard characters in the field name. If the sparkline is not scoped to a field, only the count aggregator is permitted. If no timespan specifier is used, an appropriate timespan is chosen based on the time range of the search. Description: A sparkline specifier, which takes the first argument of an aggregation function on a field and an optional timespan specifier.Syntax: sparkline (count(), ) | sparkline ((), ).Sparklines are inline charts that appear within table cells in search results to display time-based trends associated with the primary key of each row. However, you can use only one BY clause.įrequently Asked Splunk Interview Questions Sparkline function options Each time you invoke the stats command, you can use more than one function. Description: Functions used with the stats command.Syntax: avg() | c() | count() | dc() | distinct_count() | earliest() | estdc() | estdc_error() | exactperc() | first() | last() | latest() | list() | max() | median() | min() | mode() | p() | perc() | range() | stdev() | stdevp() | sum() | sumsq() | upperperc() | values() | var() | varp(). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |