Timestats Command

Use this command to generate data for displaying statistical trends over time, optionally grouped by field.

Syntax

timestats [<bucketing_option>] <stats_function / timestats_function> "("<field_name>")" [as new_field_name] [by_<field_name>]

Parameters

The following table lists the parameters used with this command, along with their descriptions.

Parameter Description

bucketing_option

Use this parameter to specify how the data should be bucketed. Permitted values for this parameter must follow the format <span>.

span

Use this parameter to set the size of each bucket, using a span length based on time. Permitted values for this parameter must follow the format <int><timescale>.

timescale

Use this parameter to specify the time for sizing the buckets. Permitted values for this parameter must be either <sec>, <min>, <hour>, <day>, <week>, <month>, or <year>.

sec

Use this parameter to specify whether the buckets should span across seconds. Permitted values for this parameter include s, sec, secs, second, and seconds.

min

Use this parameter to specify whether the bucket should span across minutes. Permitted values for this parameter include m, min, mins, minute, and minutes.

hour

Use this parameter to specify whether the bucket should span across hours. Permitted values for this parameter include h, hr, hrs, hour, and hours.

week

Use this parameter to specify whether the bucket should span across weeks. Permitted values for this parameter include w, week, and weeks.

month

Use this parameter to specify whether the bucket should span across months. Permitted values for this parameter include mon, month, and months.

Note:

The functions associated with the stats command can also be used with the timestats command. For details about these functions and examples of using them with the command, see Stats Command.

Functions

The following table lists the functions available with this command, along with their examples.

Function Examples

persecond: Returns one data point per span interval representing the average rate per second.

persecond(field_name)

  • | timestats persecond('Error Id')

perminute: Returns one data point per span interval representing the average rate per minute.

perminute(field_name)

  • | timestats perminute('Error Id')

perhour: Returns one data point per span interval representing the average rate per hour.

perhour(field_name)

  • | timestats perhour('Error Id')

perday: Returns one data point per span interval representing the average rate per day.

perday(field_name)

  • | timestats perday('Error Id')

The following query returns the count of fatal log entries over the specified time range.

Severity = fatal | timestats count

The following query returns the count of logs bucketed into daily chunks.

* | timestats span = 1day count
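
The following added example is a local Python model of the bucketing described above, not code from the product: it parses an <int><timescale> span using the aliases in the parameter table and counts records per bucket, optionally grouped by a field. The epoch-aligned UTC buckets, the "Host" field name, and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Unit aliases from the parameter table above. "day" is taken from the page's
# "span = 1day" query; week and month are omitted (their alignment is not given).
UNIT_SECONDS = {}
for aliases, seconds in (("s sec secs second seconds", 1),
                         ("m min mins minute minutes", 60),
                         ("h hr hrs hour hours", 3600),
                         ("day", 86400)):
    for alias in aliases.split():
        UNIT_SECONDS[alias] = seconds

def span_seconds(span):
    """Convert an <int><timescale> span such as '5min' into seconds."""
    m = re.fullmatch(r"([1-9]\d*)([a-z]+)", span.strip().lower())
    if not m or m.group(2) not in UNIT_SECONDS:
        raise ValueError(f"unsupported span: {span!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def timestats_count(events, span, by=None):
    """Count events per (bucket start, group value), like 'timestats span = ... count'.
    Assumption: buckets are aligned to the Unix epoch in UTC."""
    width = span_seconds(span)
    counts = Counter()
    for event in events:
        ts = int(event["time"].timestamp())
        start = datetime.fromtimestamp(ts - ts % width, tz=timezone.utc)
        counts[(start, event.get(by) if by else None)] += 1
    return dict(sorted(counts.items(), key=lambda kv: (kv[0][0], str(kv[0][1]))))

def ts_utc(text):
    """Parse an ISO timestamp and mark it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

# Constructed sample records; "Host" is a hypothetical field name.
SAMPLE = [
    {"time": ts_utc("2024-03-01T10:00:05"), "Severity": "fatal", "Host": "web01"},
    {"time": ts_utc("2024-03-01T10:03:40"), "Severity": "fatal", "Host": "web01"},
    {"time": ts_utc("2024-03-01T10:04:59"), "Severity": "fatal", "Host": "web02"},
    {"time": ts_utc("2024-03-01T10:05:00"), "Severity": "error", "Host": "web01"},
    {"time": ts_utc("2024-03-01T10:05:01"), "Severity": "fatal", "Host": "web01"},
    {"time": ts_utc("2024-03-01T10:12:30"), "Severity": "fatal", "Host": "web02"},
]
FATAL = [e for e in SAMPLE if e["Severity"] == "fatal"]  # mirrors "Severity = fatal"

if __name__ == "__main__":
    for (start, group), n in timestats_count(FATAL, "5min", by="Host").items():
        print(start.isoformat(), group, n)
```

Each output row corresponds to one data point in the trend: the bucket start time, the group value, and the count for that span interval.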