-
Notifications
You must be signed in to change notification settings - Fork 2
/
stats-command.json
88 lines (88 loc) · 5.66 KB
/
stats-command.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
{
"links": {
"create": "/servicesNS/-/-/configs/conf-searchbnf/_new",
"_reload": "/servicesNS/-/-/configs/conf-searchbnf/_reload",
"_acl": "/servicesNS/-/-/configs/conf-searchbnf/_acl"
},
"origin": "https://localhost:8089/servicesNS/-/-/configs/conf-searchbnf",
"updated": "2020-01-31T20:52:48+01:00",
"generator": {
"build": "6db836e2fb9e",
"version": "8.0.1"
},
"entry": [
{
"name": "stats-command",
"id": "https://localhost:8089/servicesNS/nobody/system/configs/conf-searchbnf/stats-command",
"updated": "1970-01-01T01:00:00+01:00",
"links": {
"alternate": "/servicesNS/nobody/system/configs/conf-searchbnf/stats-command",
"list": "/servicesNS/nobody/system/configs/conf-searchbnf/stats-command",
"_reload": "/servicesNS/nobody/system/configs/conf-searchbnf/stats-command/_reload",
"edit": "/servicesNS/nobody/system/configs/conf-searchbnf/stats-command",
"disable": "/servicesNS/nobody/system/configs/conf-searchbnf/stats-command/disable"
},
"author": "nobody",
"acl": {
"app": "system",
"can_change_perms": true,
"can_list": true,
"can_share_app": true,
"can_share_global": true,
"can_share_user": false,
"can_write": true,
"modifiable": true,
"owner": "nobody",
"perms": {
"read": [
"*"
],
"write": [
"admin"
]
},
"removable": false,
"sharing": "system"
},
"fields": {
"required": [],
"optional": [],
"wildcard": [
".*"
]
},
"content": {
"appears-in": "3.0",
"category": "reporting",
"commentcheat1": "Remove duplicates of results with the same \"host\" value and return the total count of the remaining results.",
"commentcheat2": "Return the average for each hour, of any unique field that ends with the string \"lay\" (for example, delay, xdelay, relay, etc).",
"commentcheat3": "Search the access logs, and return the number of hits from the top 100 values of \"referer_domain\".",
"description": "Calculate aggregate statistics over the dataset, optionally grouped by a list of fields.\n Aggregate statistics include: \\i\\\n * count, distinct count \\i\\\n * mean, median, mode \\i\\\n * min, max, range, percentiles \\i\\\n * standard deviation, variance \\i\\\n * sum \\i\\\n * earliest and latest occurrence \\i\\\n * first and last (according to input order into stats command) occurrence \\p\\\n Similar to SQL aggregation. \n If called without a by-clause, one row is produced, which represents the \n aggregation over the entire incoming result set. If called with a \n by-clause, one row is produced for each distinct value of the by-clause. \n The 'partitions' option, if specified, allows stats to partition the \n input data based on the split-by fields for multithreaded reduce. \n The 'allnum' option, if true (default = false), computes numerical statistics on each \n field if and only if all of the values of that field are numerical. \n The 'delim' option is used to specify how the values in the 'list' or 'values' aggregation are delimited. (default is a single space)\n When called with the name \"prestats\", it will produce intermediate results (internal).",
"disabled": false,
"eai:acl": null,
"eai:appName": "system",
"eai:userName": "nobody",
"example1": "sourcetype=access* | stats avg(kbps) by host",
"example2": "sourcetype=access* | top limit=100 referer_domain | stats sum(count)",
"examplecheat1": "... | stats distinct_count(host)",
"examplecheat2": "... | stats avg(*lay) BY date_hour",
"examplecheat3": "sourcetype=access_combined | top limit=100 referer_domain | stats sum(count)",
"maintainer": "steveyz",
"note": "When called without any arguments, stats assumes the argument \"default(*)\".\n This produces a table with the cross-product of aggregator and field as columns,\n And a single row with the value of that aggregator applied to that field across all data.",
"related": "eventstats, rare, sistats, streamstats, top",
"shortdesc": "Provides statistics, grouped optionally by field.",
"simplesyntax": "stats (((c|count|dc|distinct_count|estdc|estdc_error|earliest|latest|avg|stdev|stdevp|var|varp|sum|min|max|mode|median|first|last|earliest|latest|percint|list|values|range) \"(\" <field> \")\") (as <field>)? )+ (by <field-list>)? (<dedup_splitvals>)?",
"supports-multivalue": "1",
"syntax": "stats <stats-command-arguments>",
"tags": "stats statistics event sparkline count dc mean avg stdev var min max mode median",
"usage": "public"
}
}
],
"paging": {
"total": 1,
"perPage": 30,
"offset": 0
},
"messages": []
}