Stats Command

Use this command to provide summary statistics, optionally grouped by a field. The output for this query includes one field for each of the fields specified in the query, along with one field for each aggregation.

Syntax

Note:

While the eval command creates new fields by using existing fields and arbitrary expressions, the stats command calculates statistics based on existing fields.

stats <stats_function> "("<field_name>")" [as new_field_name] [by <field_name> (,<field_name>)*]

Parameters

The following table lists the parameters used with this command, along with their descriptions.

Parameter	Description
`field_name`	Use this parameter to specify the field according to which you want the results to be grouped.

Functions

The following table lists the functions available with this command, along with their examples.

Function	Examples
Values	`values(field_name)` `values(Label)` `values(Severity)` `values(‘Client Host City’)` `values(‘Client Host Country’)` `values(‘Client Host Continent’)`
Unique	`unique(field_name)` `unique(Label)` `unique(Severity)` `unique(‘Client Host City’)` `unique(‘Client Host Country’)` `unique(‘Client Host Continent’)`
Earliest	`earliest(field_name)` `earliest(‘OS Process ID’)`
Latest	`latest(field_name)` `latest(‘Error ID’)`
Trend	`trend(duration)` `trend` `trend(1hr)`
Average Note: This function is supported only for numeric fields.	`avg(field_name)` `avg(‘Content Size’)`
Distinct Count	`distinctcount(field_name)` `distinctcount(Severity)`
Maximum Note: This function is supported only for numeric fields.	`max(field_name)` `max('Content Size')`
Median Note: This function is supported only for numeric fields.	`median(field_name)` `median('Content Size')`
Minimum Note: This function is supported only for numeric fields.	`min(field_name)` `min('Content Size')`
n-th value Note: This function is supported only for numeric fields.	`pct(field_name, n)` `pct('Content Size', 90)`
Sum Note: This function is supported only for numeric fields.	`sum(field_name)` `sum(‘Content Size’)`
Standard Deviation Note: This function is supported only for numeric fields.	`stddev(field_name)` `stddev(‘Content Size’)`

For examples of using this command in typical scenarios, see:

Rename the Fields by Editing the Query in Using Oracle Log Analytics
Histogram Chart Options in Using Oracle Log Analytics
Visualize Time Series Data Using the Link Trend Feature in Using Oracle Log Analytics
Analyze the Access Logs of Oracle WebLogic Server in Using Oracle Log Analytics

The following query returns the count of all logs grouped by severity, including those logs where the value of severity is null.

* | stats count by Severity

Running the following query excludes the results from the aggregation if a field value is null.

* | stats count(Severity) by Severity

The following query returns the count of fatal logs grouped by entity name and type.

Severity = fatal | stats count by Entity, 'Entity Type'

The following query returns the total count of logs.

* | stats count

The following query returns the count of database logs grouped by entity name and severity.

'Entity Type' = 'Database Instance' | stats count by Entity, Severity

The following query returns the values of severity grouped by entity name.

* | stats values(Severity) by Entity

The following query returns the unique values of client host city grouped by entity type.

* | stats unique('Client Host City') by 'Entity Type'

The following query returns the earliest values of the OS Process ID.

* | stats earliest('OS Process ID')

The following query returns the latest values of the Error ID.

* | stats latest('Error ID')

The following query creates an inlined timeseries sparkline. The default function is count

* | stats trend(avg(duration), 2min) by Entity

The following query returns the standard deviation of the set of numbers of the specified field

* | stats stddev('Content Size')