stats command overview - Splunk Documentation

The SPL2 stats command calculates aggregate statistics, such as average, count, and sum, over the incoming search results set. This is similar to SQL aggregation. If the stats command is used without a BY clause, only one row is returned, which is the aggregation over the entire incoming result set. If a BY clause is used, one row is returned for each distinct value in the field specified in the BY clause.SyntaxThe required syntax is in bold.stats[allnum = ] [delim = <"string">] [partitions = ] ...( [] [span=] )How the SPL2 stats command worksWhat's important to remember about the SPL2 stats command is that the command returns only the fields used in the aggregation.Suppose these are some of the events in your dataset:_timehostactionquantityproductIdmethod6 Apr 2022 9:39:48.000 PMwww2purchase1PZ-SG-G05POST6 Apr 2022 9:34:10.000 PMwww1view1GET6 Apr 2022 9:34:02.000 PMwww3purchase2SC-MG-G10POST6 Apr 2022 9:34:01.000 PMwww2remove1CU-PG-G06...