Cmdlets for Splunk

Build 24.0.9060

Projection Functions

AVG([DISTINCT] expression)

Returns the average of the values of field expression.

  • expression: The expression to use to compute the average.

COUNT([DISTINCT] expression)

Returns the number of occurrences of the field expression. To indicate a specific field value to match, format expression as eval(field="value").

  • expression: The expression to use to compute the count.

EARLIEST(expression)

Returns the chronologically earliest seen value of expression.

  • expression: The expression to use to compute the earliest.

LATEST(expression)

Returns the chronologically latest seen value of expression.

  • expression: The expression to use to compute the latest.

MAX([DISTINCT] expression)

Returns the maximum value of the field expression. If the values of expression are non-numeric, the max is found from alphabetical ordering.

  • expression: The expression to use to compute the max.

MEDIAN(expression)

Returns the middle-most value of the field.

  • expression: The expression to use to compute the median.

MIN([DISTINCT] expression)

Returns the minimum value of the field expression. If the values of expression are non-numeric, the min is found from alphabetical ordering.

  • expression: The expression to use to compute the min.

MODE(expression)

Returns the most frequent value of the field expression.

  • expression: The expression to use to compute the mode.

RANGE(expression)

Returns the difference between the max and min values of the field expression.

  • expression: The expression to use to compute the range.

SUM([DISTINCT] expression)

Returns the sum of the values of the field expression.

  • expression: The expression to use to compute the sum.

SUMSQ(expression)

Returns the sum of the squares of the values of the field expression.

  • expression: The expression to use to compute the sum of the squares.

STDEV(expression)

Returns the sample standard deviation of the field expression.

  • expression: The expression to use to compute the sum of the STDEV.

STDEVP(expression)

Returns the population standard deviation of the field expression.

  • expression: The expression to use to compute the sum of the STDEVP.

VAR(expression)

Returns the sample variance of the field expression.

  • expression: The expression to use to compute the sum of the VAR.

VARP(expression)

Returns the population variance of the field expression.

  • expression: The expression to use to compute the sum of the VARP.

Copyright (c) 2024 CData Software, Inc. - All rights reserved.
Build 24.0.9060