Reporting commands
The reporting commands listed here are the most important ones. They are vital to performing analyses in Splunk and also aid in creating dashboards and reports:

| Command | What it Does |
| --- | --- |
| top/rare | The `top` command returns the values that occur most often, as well as their counts and percentages. The default is 10. `top source` returns a list of the top 10 sources, including their counts and percentages. `top 15 source, host` returns a list of the 15 most frequent source-host combinations. |
| stats | The `stats` command returns the results of statistical calculations. It can return a single number, as in `stats dc(source)`, which gives a distinct count that includes each different source. Or it can return a table, as in `stats max(kbps) by host`, which gives the maximum speed for each host. |
| chart | The `chart` command is used for creating tables of data. In each chart, the x-axis labels are indicated by either `over` or `by`. `chart count(fail*) over host` creates a chart showing the count of events that include the phrase "fail" plus anything after that (for example, "failed", "failure", and the like) for each value of `host`. For more on the `chart` command, go to http://docs.splunk.com/Documentation/Splunk/6.1.3/SearchRefer- |
| timechart | The `timechart` command produces a chart with time as the x-axis. `timechart span=1d avg(delay) by host` creates a chart showing the average delay by each host during a 1 day period. |
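
Added example (not from the original page and not Splunk's own code): a small Python model of what `top`, `stats` and `timechart` compute, run over constructed events. The field names follow the table's examples; the event values, the function names and the choice to compute percentages over events that carry all the named fields are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events (assumption, not from the page): time, source, host, kbps, delay.
ROWS = [
    ("2014-09-01T08:00:00", "/var/log/auth.log", "web01", 120.0, 2.0),
    ("2014-09-01T09:00:00", "/var/log/auth.log", "web01", 300.0, 4.0),
    ("2014-09-01T10:00:00", "/var/log/auth.log", "web02", 80.0, 1.0),
    ("2014-09-02T08:00:00", "/var/log/access.log", "web01", 150.0, 6.0),
    ("2014-09-02T09:00:00", "/var/log/auth.log", "web02", 90.0, 3.0),
    ("2014-09-02T10:00:00", "/var/log/access.log", "web02", 60.0, 5.0),
]
EVENTS = [dict(zip(("_time", "source", "host", "kbps", "delay"), r)) for r in ROWS]

def top(events, fields, limit=10):
    """Model of `top <limit> <fields>`: (combination, count, percent), most frequent first."""
    combos = Counter(tuple(e[f] for f in fields)
                     for e in events if all(f in e for f in fields))
    total = sum(combos.values())
    return [(c, n, round(100.0 * n / total, 2)) for c, n in combos.most_common(limit)]

def stats_dc(events, field):
    """Model of `stats dc(<field>)`: number of distinct values."""
    return len({e[field] for e in events if field in e})

def stats_max_by(events, field, by):
    """Model of `stats max(<field>) by <by>`: one row per <by> value."""
    out = {}
    for e in events:
        out[e[by]] = max(out.get(e[by], e[field]), e[field])
    return out

def timechart_avg(events, field, by):
    """Model of `timechart span=1d avg(<field>) by <by>`: rows are days, columns are <by> values."""
    buckets = defaultdict(list)
    for e in events:
        day = datetime.fromisoformat(e["_time"]).date().isoformat()
        buckets[(day, e[by])].append(e[field])
    table = defaultdict(dict)
    for (day, key), vals in buckets.items():
        table[day][key] = sum(vals) / len(vals)
    return dict(table)

if __name__ == "__main__":
    print(top(EVENTS, ["source"]))                 # top source
    print(top(EVENTS, ["source", "host"], 15))     # top 15 source, host
    print(stats_dc(EVENTS, "source"))              # stats dc(source)
    print(stats_max_by(EVENTS, "kbps", "host"))    # stats max(kbps) by host
    print(timechart_avg(EVENTS, "delay", "host"))  # timechart span=1d avg(delay) by host
```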