September 8, 2024

A technical troubleshooting blog about Oracle with other Databases & Cloud Technologies.

Exposure to commands in Splunk – Part I

2 min read

Stats:

The stats command is used to calculate summary statistics on the results of a search or the events retrieved from an index.

  • count
    • It gives you the count of events on the basis of fields selected or as a whole
    • You can have count based on multiple events.
index=main host=pheonix_01 sourcetype=main source="C:\Windows\asrblogger\pheonix01.log"
| stats count
  • average/min/max
    • These mathematical commands are used to calculate the average value, maximum values, minimum values of the total event or per entity like server, log file etc.
index=main host=pheonix_01 sourcetype=main source="C:\Windows\asrblogger\pheonix01.log"
| stats avg(values) max(values) min(values)
  • “by” clause
    • This is used to get the values as output based on an entity and not as whole.
index=main host=pheonix_01 sourcetype=main source="C:\Windows\asrblogger\pheonix01.log"
| stats avg(values) max(values) min(values) by host

You can get the output data based on multiple entity 
index=main host=pheonix_01 sourcetype=main source="C:\Windows\asrblogger\pheonix01.log"
| stats avg(values) max(values) min(values) by host sourcetype
  • “rename” command or “as” clause
    • This is used to rename the field.
index=main host=pheonix_01 sourcetype=main source="C:\Windows\asrblogger\pheonix01.log"
| stats avg(values) max(values) min(values) by host
| rename avg(value) as "average value" max(value) as "maximum value" min(value) as "minimum value"

This can also be done in the same statement using “as” clause only.

index=main host=pheonix_01 sourcetype=main source="C:\Windows\asrblogger\pheonix01.log"
| stats avg(values) as "average value" max(values) as "maximum value" min(values) as "minimum value" by host

“where” command

  • “sort” command
    • This is used to sort the output data as per requirement.
index=main host=pheonix_01 sourcetype=main source="C:\Windows\asrblogger\pheonix01.log"
| stats avg(values) as "average value" max(values) as "maximum value" min(values) as "minimum value" by host
| sort "average value"
  • “where” command
    • This is used to filter the output data as per requirement.
index=main host=pheonix_01 sourcetype=main source="C:\Windows\asrblogger\pheonix01.log"
| stats avg(values) as "average value" max(values) as "maximum value" min(values) as "minimum value" by host
| where "average value" > 5

More Articles

1 min read

SPLUNK User Interface

2 min read

Basic Search: SPLUNK

black room divider with geometric design on white surface 2 min read

Overview

You may have missed

black smartphone on table 2 min read

Better error messages in Oracle 23ai !!

an artificial intelligence illustration on the wall 2 min read

Enhanced Querying: Eliminating the “FROM DUAL” Clause in Oracle Database 23ai !!

Antares Fairing Installed 10 min read

Step by Step Oracle Database 23ai Installation on Oracle Linux 8.10 !!

text on computer monitor 3 min read

What is the difference between Prepatch and Postpatch in Oracle Patching !!