![]() For an overview about using functions with commands, see Statistical and charting functions. Use the links in the table to see descriptions and examples for each function. The following table lists the supported functions by type of function. See Usage to learn more about using PREFIX(), and about searches you can run to find raw segments in your data. You cannot use wildcards to specify field names. ![]() You cannot specify functions without applying them to fields or eval expressions that resolve into fields. You can also rename the result using the AS keyword, unless you are in prestats mode ( prestats=true). You can apply the function to a field, or to a PREFIX() directive if you want to aggregate a raw segment in your indexed events as if it were an extracted field-value pair. ![]() For a list of the supported functions for the tstats command, refer to the table below. Description: Either perform a basic count of a field or perform a function on a field. ] Required arguments Syntax: (count | (PREFIX() | )). The indexed fields can be from indexed data or accelerated data models.īecause it searches on index-time fields instead of raw events, the tstats command is faster than the stats command.īy default, the tstats command runs over accelerated and unaccelerated data models. Use the tstats command to perform statistical queries on indexed fields in tsidx files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |