From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
Join today to access over 25,500 courses taught by industry experts.
Using the rare command - Splunk Tutorial
From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
Using the rare command
So, we just discussed that we can use the top command to get statistics for the top or most common values of a field. Now, what if you actually wanted to get statistics for the least or rare values of a field? So there is a command for that as well, known as the rare command. So it's really just a command on the other side of the spectrum, which returns statistics or a table for rare or least common values of a field. Now the constraints that you use for the rare command are exactly the same kind of constraints that we saw for the top command. So the limit argument is going to work exactly the same way. The showPercent argument and the countField argument are going to work exactly the same way. Let's look at an example here. So before, we had, for example, top limit equal to 5 and then responseCode. And that was giving us statistics for the top or most common five values of the responseCode field. Now when we use the rare command, we are going to return those statistics for the bottom…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
-
-
(Locked)
Module overview1m 44s
-
(Locked)
Overview of transforming commands4m 12s
-
(Locked)
Using the stats command3m 18s
-
(Locked)
stats count function14m 26s
-
(Locked)
stats distinct_count function4m 14s
-
(Locked)
stats sum and avg functions15m 24s
-
(Locked)
stats list and values functions7m 58s
-
(Locked)
Combining functions11m 25s
-
(Locked)
Using the top command24m 24s
-
(Locked)
Using the rare command10m 22s
-
(Locked)
Formatting statistics tables17m 16s
-
(Locked)
Formatting visualizations12m
-
(Locked)
-
-
-