1

I am trying to query using the REST API on Splunk with the following:

curl -u "<user>":"<pass>" -k https://splunkserver.com:8089/services/search/jobs/export -d'search=search index%3d"<index_name>" sourcetype%3d"access_combined_wcookie" starttime%3d06/02/2013:0:0:0 endtime%3d06/10/2013:0:0:0 uri_path%3d"<uri1>" OR uri_path%3d"<uri2>" user!%3d"-" referer!%3d"-" | eval Time %3d request_time_length%2f1000000 | stats stdev%28Time%29 as stdev, mean%28Time%29 as mean, count%28uri_path%29 as count by uri_path'

However, I do not get the computed mean and stdev; I only see count. How can I add the mean and stdev?

4

1 Answer

0

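The query looks correct. I ended up trying a similar query, and it seemed to give me all 3 aggregates. The only thing I can think of is to make sure you have events that match the search criteria. It could be your time bounds. Try expanding them, or removing one or both of them, and see whether you get any data for the mean and standard deviation.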

Answered 2013-06-27T17:59:10.833
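
The answer's suggestion as an added shell example (not code from the question or the answer): it rebuilds the question's search with either time bound dropped and lets curl do the URL encoding. It also goes one step beyond the answer with a check of how many matching events carry `request_time_length`, since `count(uri_path)` can be non-zero while `stdev` and `mean` stay empty when that field is missing. The function names, the `SPLUNK_HOST` variable and the use of `~/.netrc` for credentials are assumptions; the `<...>` placeholders are the question's own.

```shell
#!/bin/sh
# Added example. Function names and SPLUNK_HOST are assumptions, not Splunk names.

# base_filter START END: the question's event filter; an empty argument
# drops that time bound, as the answer suggests trying.
base_filter() {
    f='index="<index_name>" sourcetype="access_combined_wcookie"'
    if [ -n "$1" ]; then f="$f starttime=$1"; fi
    if [ -n "$2" ]; then f="$f endtime=$2"; fi
    printf '%s' "$f uri_path=\"<uri1>\" OR uri_path=\"<uri2>\" user!=\"-\" referer!=\"-\""
}

# build_search START END: the question's full search, unencoded.
build_search() {
    printf 'search %s | eval Time=request_time_length/1000000 | stats stdev(Time) as stdev, mean(Time) as mean, count(uri_path) as count by uri_path' \
        "$(base_filter "$1" "$2")"
}

# build_field_check START END: per uri_path, how many events matched and how
# many of them have request_time_length (the input to mean and stdev).
build_field_check() {
    printf 'search %s | stats count as events, count(request_time_length) as with_time_field by uri_path' \
        "$(base_filter "$1" "$2")"
}

# run_export SPL: POST to the export endpoint used in the question.
# --data-urlencode encodes the search text, so no hand-written %3d or %28.
# -n reads credentials from ~/.netrc; -k is kept from the question.
run_export() {
    curl -sS -n -k "https://$SPLUNK_HOST:8089/services/search/jobs/export" \
        --data-urlencode "search=$1" -d output_mode=csv
}

# Only contacts a server when SPLUNK_HOST is set.
if [ -n "${SPLUNK_HOST:-}" ]; then
    start='06/02/2013:0:0:0'; end='06/10/2013:0:0:0'
    run_export "$(build_search "$start" "$end")"   # both bounds, as asked
    run_export "$(build_search "$start" '')"       # start bound only
    run_export "$(build_search '' '')"             # no time bounds
    run_export "$(build_field_check '' '')"        # is the field present?
fi
```
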