
Splunk eval to count instances

Reference for the arguments of the stats command, as used to count instances of a field value or of an eval condition.

Syntax

stats [partitions=<num>] [allnum=<bool>] [delim=<string>] ( <stats-agg-term>... | <sparkline-agg-term>... ) [<by-clause>] [<dedup_splitvals>]

Required arguments

stats-agg-term
Syntax: <stats-func>(<evaled-field> | <wc-field>) [AS <wc-field>]
Description: A statistical aggregation function. The function can be applied to an eval expression, or to a field or set of fields. You can use wildcard characters in field names. Use the AS clause to place the result into a new field with a name that you specify. For more information on eval expressions, see Types of eval expressions in the Search Manual.

sparkline-agg-term
Syntax: <sparkline-agg> [AS <wc-field>]
Description: A sparkline aggregation function. Use the AS clause to place the result into a new field with a name that you specify. You can use wildcard characters in the field name.

Optional arguments

allnum
Syntax: allnum=<bool>
Description: If true, computes numerical statistics on each field if and only if all of the values of that field are numerical.
Default: false

by-clause
Syntax: BY <field-list>
Description: The name of one or more fields to group by. You cannot use a wildcard character to specify multiple fields with similar names. The BY clause returns one row for each distinct value in the BY clause fields. If no BY clause is specified, the stats command returns only one row, which is the aggregation over the entire incoming result set.

dedup_splitvals
Syntax: dedup_splitvals=<bool>
Description: Specifies whether to remove duplicate values in multivalued BY clause fields.
Default: false

delim
Syntax: delim=<string>
Description: Specifies how the values in the list() or values() aggregation are delimited.
Default: a single space

partitions
Syntax: partitions=<num>
Description: Partitions the input data based on the split-by fields for multithreaded reduce. The partitions argument runs the reduce step (in parallel reduce processing) with multiple threads in the same search process on the same machine. Compare that with parallel reduce, using the redistribute command, which runs the reduce step in parallel on multiple machines.
Default: 0. When partitions=0, the value of the partitions argument is the same as the value of the default_partitions setting in the limits.conf file, which is 1 by default.

Stats function options

stats-func
Syntax: The syntax depends on the function that you use.
Description: Statistical and charting functions that you can use with the stats command. Each time you invoke the stats command, you can use one or more functions. The supported functions are listed by type of function, with descriptions and examples for each, in Statistical and charting functions in the Search Reference; that page also gives an overview of using functions with commands.

Sparkline options

sparkline-agg
Syntax: sparkline (count(<wc-field>), <span-length>) | sparkline (<sparkline-func>(<wc-field>), <span-length>)
Description: A sparkline specifier, which takes as its first argument an aggregation function on a field and an optional timespan specifier. Sparklines are inline charts that appear within table cells in search results to display time-based trends associated with the primary key of each row. Read more about how to "Add sparklines to your search results" in the Search Manual.
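The arguments above combined in one search that counts instances both of a field value and of an eval condition. This is an added example, not a search from the original page or from Splunk's documentation; the index, sourcetype and field names (index=web, sourcetype=access_combined, host, status, clientip, uri_path) are assumptions, so substitute your own.

```spl
index=web sourcetype=access_combined earliest=-24h
| stats delim=";"
        count AS requests,
        count(eval(status>=500)) AS server_errors,
        count(eval(match(uri_path, "^/admin"))) AS admin_hits,
        dc(clientip) AS distinct_clients,
        values(uri_path) AS paths,
        sparkline(count, 15m) AS trend
  BY host
  dedup_splitvals=true
| eval error_pct=round(100*server_errors/requests, 2)
| sort - server_errors
```

count(eval(...)) increments only for events where the expression is true; an event with no status field evaluates to null and is not counted, so server_errors is never inflated by lines that failed to parse. delim=";" applies to the values(uri_path) aggregation as described above (the default separator is a single space). dedup_splitvals=true only changes the result when a BY field is multivalued; host is single-valued here, so it is shown for its position after the BY clause rather than for its effect. The trend column is a sparkline and renders as an inline chart only in a Splunk Web table; in exported results it is plain data.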