The eventstats command is similar to the stats command. You can use both commands to generate aggregations like average, sum, and maximum. The differences between these commands are described in the following table:

stats: Events are transformed into a table of aggregated search results. You can only use the fields in your aggregated results in subsequent commands in the search.

eventstats: Aggregations are placed into a new field that is added to each of the events in your output. You can use the fields in your events in subsequent commands in your search, because the events have not been transformed.

The eventstats command looks for events that contain the field that you want to use to generate the aggregation.
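To make the difference concrete, the following added Python example (not Splunk's code and not part of the original page) models what `stats count by user` and `eventstats count as failures by user` each do to a small set of constructed failed-login events. The field names (`user`, `src`, `action`, `_time`), the sample values and the threshold of three failures are assumptions made for the illustration. It also shows the behaviour the page mentions last: an event without the grouping field is simply not aggregated by eventstats and passes through unchanged.

```python
from collections import Counter
from typing import Any, Dict, List

# Constructed sample events (illustrative, not real log data): failed logins.
# The last event deliberately has no "user" field.
EVENTS: List[Dict[str, Any]] = [
    {"_time": "2024-01-01T10:00:00", "user": "alice", "src": "10.0.0.5", "action": "failure"},
    {"_time": "2024-01-01T10:00:07", "user": "alice", "src": "10.0.0.5", "action": "failure"},
    {"_time": "2024-01-01T10:00:12", "user": "alice", "src": "10.0.0.9", "action": "failure"},
    {"_time": "2024-01-01T10:01:00", "user": "bob",   "src": "10.0.0.7", "action": "failure"},
    {"_time": "2024-01-01T10:02:30", "src": "10.0.0.8", "action": "failure"},
]


def stats_count_by(events: List[Dict[str, Any]], field: str) -> List[Dict[str, Any]]:
    """Mimics `stats count by <field>`: the events are collapsed into one row per
    distinct value of `field`. Only `field` and `count` survive; every other
    event field (src, _time, ...) is gone for later commands."""
    counts = Counter(e[field] for e in events if field in e)
    return [{field: value, "count": n} for value, n in sorted(counts.items())]


def eventstats_count_by(events: List[Dict[str, Any]], field: str,
                        as_name: str = "count") -> List[Dict[str, Any]]:
    """Mimics `eventstats count as <as_name> by <field>`: the same per-value count
    is computed, but it is written into each original event as a new field, so
    the raw fields remain available. Events that lack `field` are passed through
    unchanged, because eventstats aggregates only over events that contain the
    field it groups by."""
    counts = Counter(e[field] for e in events if field in e)
    annotated = []
    for e in events:
        copy = dict(e)
        if field in e:
            copy[as_name] = counts[e[field]]
        annotated.append(copy)
    return annotated


def sources_for_repeat_offenders(events: List[Dict[str, Any]], threshold: int) -> List[str]:
    """A detection-style follow-up that only works after eventstats: the per-user
    failure count sits beside the raw fields, so we can filter on the count and
    still report the source addresses involved. After stats, `src` would no
    longer exist and this question could not be answered."""
    annotated = eventstats_count_by(events, "user", as_name="failures")
    return sorted({e["src"] for e in annotated if e.get("failures", 0) >= threshold})


if __name__ == "__main__":
    print("stats:", stats_count_by(EVENTS, "user"))
    print("eventstats:", eventstats_count_by(EVENTS, "user"))
    print("sources with >= 3 failures:", sources_for_repeat_offenders(EVENTS, 3))
```

The two helpers share the same counting step; the only difference is whether the result replaces the events (stats) or is attached to them (eventstats), which is exactly why fields such as `src` are usable after eventstats but not after stats.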