Splunk stats count by windows

Adds cumulative summary statistics to all search results in a streaming manner. The streamstats command calculates statistics for each event at the time the event is seen. For example, you can calculate the running total for a particular field. The total is calculated by using the values in the specified field for every event that has been processed, up to the current event.

Required arguments

stats-agg-term
Syntax: ( | )
Description: A statistical aggregation function. The function can be applied to an eval expression, or to a field or set of fields. Use the AS clause to place the result into a new field with a name that you specify. You can use wildcard characters in field names. For more information on eval expressions, see Types of eval expressions in the Search Manual.

Optional arguments

allnum
Syntax: allnum=
Description: If true, computes numerical statistics on each field only if all of the values in that field are numerical.
Default: false

by-clause
Syntax: BY
Description: The name of one or more fields to group by.

current
Syntax: current=
Description: If true, the search includes the given, or current, event in the summary calculations. If false, the search uses the field value from the previous event.
Default: true

global
Syntax: global=
Description: Used only when the window argument is set. Defines whether to use a single window, global=true, or to use separate windows based on the by clause. If global=false and window is set to a non-zero value, a separate window is used for each group of values of the field specified in the by clause.
Default: true

reset_after
Syntax: reset_after="("")"
Description: After the streamstats calculations are produced for an event, reset_after specifies that all of the accumulated statistics are reset if the eval-expression returns true. The eval-expression can reference fields that are returned by the streamstats command. When the reset_after argument is combined with the window argument, the window is also reset when the accumulated statistics are reset.
Default: false

reset_before
Syntax: reset_before="("")"
Description: Before the streamstats calculations are produced for an event, reset_before specifies that all of the accumulated statistics are reset when the eval-expression returns true. The eval-expression must evaluate to true or false. When the reset_before argument is combined with the window argument, the window is also reset when the accumulated statistics are reset.
Default: false

reset_on_change
Syntax: reset_on_change=
Description: Specifies that all of the accumulated statistics are reset when the group by fields change. The reset is as if no previous events have been seen.