Extract Field Statistics

Extract field statistics from a repository using the fieldstats() function

Query

logscale
fieldstats()

Introduction

The fieldstats() function can be used to provide the distinct count and total count for a field in a event set. The function returns an event set that contains statistics for the fields in the current event set.

In this example, the fieldstats() function is used to get the statistics for the fields #type, field, _count and distinct within the HUMIO repository. The example will only show the first 20 rows (but the limit parameter has a default value of 200 rows.

Step-by-Step

  1. Starting with the source repository events.

  2. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0{{Aggregate}} result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    fieldstats()

    Extracts statistics about fields within the humio respository.

  3. Event Result set.

Summary and Results

The query is used to extract statistics about the fields within a current event stream. The process of extracting insights from data streams in real time or near-real time can be used to identify and act on critical business moments, collect data from various sources, and to understand the meaning of this data and its content. Statistics are useful for analyzation.

Sample output from the incoming example data (showing the first 20 rows only):

#typefield_countdistinct
humiodecodedContentLength60501107
humiooriginalName15482419
humiotx_fifo162961
humiohumioClass1641588320
humiop7526865842439
humiobucketId2344182
humiodataspaceId1007793556
humiouserAgent616757
humiodatasource9037297143
humiorequest-rate4367824248
humiotopic_leader_size1861116112
humioreadOnly1580361
humiorequest-latency-avg395427169
humio@rawstring1751791517696022
humiopercentDone8543139209
humiouri61675325
humiotx_carrier162961
humiop9826865845969
humiototalCount427319
humios3AccessConfig1580361