stats command overview - Splunk Documentation
The SPL2 stats command calculates aggregate statistics, such as average, count, and sum, over the incoming search results set. This is similar to SQL aggregation. If the stats command is used without a BY clause, only one row is returned, which is the aggregation over the entire incoming result set. If a BY clause is used, one row is returned for each distinct value in the field specified in the BY clause.SyntaxThe required syntax is in bold.stats[allnum = ] [delim = ] [partitions = ] ...( [] [span=]... Читать дальше...