From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
Overview of transforming commands - Splunk Tutorial
Overview of transforming commands
So, as we just said, transforming commands are used to order search results into a statistics table. So in the example here, we are using the stats command to count the number of events by client IP. So in our data set, we have multiple client IPs. We want to see how many events exist for each client IP in the result set. So the stats table shows the client IP values and the corresponding count of events. So if you go there, you're going to see that for each client IP that you have here, you're going to have the count of events on the right client IP count of events. So what you notice with the transforming commands here is that as soon as you run transforming commands on your data, then it's going to show the results on the statistics tab. So if you just go ahead and run index equals web, source type equals access combined, you're going to see your events here. But as soon as you execute the transforming commands, because we say that it orders the search results into a statistics…