Splunk revenue 2018
2/29/2024

Default: true dedup_splitvals Syntax: dedup_splitvals= Description: Specifies whether to remove duplicate values in multivalued fields. If set to true, the Search application fills in the time gaps. Default: bins=100 cont Syntax: cont= Description: Specifies whether the chart is continuous or not. See the Bin options section in this topic. The bin-options set the maximum number of bins, not the target number of bins. bin-options Syntax: bins | minspan | span | | aligntime Description: Options that you can use to specify discrete bins, or groups, to organize the information. You can use wild card characters in field names. Use the AS clause to place the result into a new field with a name that you specify. The function can be applied to an eval expression, or to a field or set of fields. Optional arguments agg= Syntax: agg=( ( | ) ) Description: A statistical aggregation function. See the tc options and the where clause sections in this topic. Use the to specify the number of columns to include. Discretization is defined with the tc-options. If field is numerical, default discretization is applied. Description: Specifies a field to split the results by. The field must be specified, except when using the count function, which applies to events as a whole. single-agg Syntax: count | () Description: A single aggregation applied to a single field, including an evaluated field. When concatenating values with a period '.' the search treats both values as strings, regardless of their actual data type. Additionally, the search can concatenate the two operands if they are both strings. For example, with the exception of addition, arithmetic operations might not produce valid results if the values are not numerical. For these evaluations to work, your values need to be valid for the type of operation.
When specifying timechart command arguments, either or BY is required. eval-expression Syntax: | | | | Description: A combination of literals, fields, operators, and functions that represent the value of your destination field. Timechart ( ( ) | ( ) BY ) Required arguments If you set limit=0, no series filtering occurs. These options are ignored if you specify an explicit where-clause. With the limit and agg options, you can specify series filtering. If you use an eval expression, the split-by clause is required. You can specify a split-by field, where each distinct value of the split-by field becomes a series in the chart. Creates a time series chart with corresponding table of statistics. A timechart is a statistical aggregation applied to a field to produce a chart, with time used as the X-axis.