Stats Command
Use this command to provide summary statistics, optionally grouped by a field. The output for this query includes one field for each of the fields specified in the query, along with one field for each aggregation.
Syntax
Note:
While theeval
command creates new fields by using existing fields and arbitrary expressions, the stats
command calculates statistics based on existing fields.
stats <stats_function> "("<field_name>")" [as new_field_name] [by <field_name> (,<field_name>)*]
Parameters
The following table lists the parameters used with this command, along with their descriptions.
Parameter | Description |
---|---|
|
Use this parameter to specify the field according to which you want the results to be grouped. |
Functions
The following table lists the functions available with this command, along with their examples.
Function | Examples |
---|---|
Values |
|
Unique |
|
Earliest |
|
Latest |
|
Trend |
|
Average Note: This function is supported only for numeric fields. |
|
Distinct Count |
|
Maximum Note: This function is supported only for numeric fields. |
|
Median Note: This function is supported only for numeric fields. |
|
Minimum Note: This function is supported only for numeric fields. |
|
n-th value Note: This function is supported only for numeric fields. |
|
Sum Note: This function is supported only for numeric fields. |
|
Standard Deviation Note: This function is supported only for numeric fields. |
|
For examples of using this command in typical scenarios, see:
- Rename the Fields by Editing the Query in Using Oracle Log Analytics
- Histogram Chart Options in Using Oracle Log Analytics
- Visualize Time Series Data Using the Link Trend Feature in Using Oracle Log Analytics
- Analyze the Access Logs of Oracle WebLogic Server in Using Oracle Log Analytics
The following query returns the count of all logs grouped by severity, including those logs where the value of severity is null.
* | stats count by Severity
Running the following query excludes the results from the aggregation if a field value is null.
* | stats count(Severity) by Severity
The following query returns the count of fatal logs grouped by entity name and type.
Severity = fatal | stats count by Entity, 'Entity Type'
The following query returns the total count of logs.
* | stats count
The following query returns the count of database logs grouped by entity name and severity.
'Entity Type' = 'Database Instance' | stats count by Entity, Severity
The following query returns the values of severity grouped by entity name.
* | stats values(Severity) by Entity
The following query returns the unique values of client host city grouped by entity type.
* | stats unique('Client Host City') by 'Entity Type'
The following query returns the earliest values of the OS Process ID.
* | stats earliest('OS Process ID')
The following query returns the latest values of the Error ID.
* | stats latest('Error ID')
The following query creates an inlined timeseries sparkline. The default function is count
* | stats trend(avg(duration), 2min) by Entity
The following query returns the standard deviation of the set of numbers of the specified field
* | stats stddev('Content Size')