Splunk Concise Tutorial
Splunk - Transforming Commands
Transforming commands are the Splunk commands that transform the result of a search into data structures that are useful for representing statistics and data visualizations.
Examples of Transforming Commands
The following are some examples of transforming commands −
- Highlight − To highlight specific terms in a result.
- Chart − To create a chart out of the search result.
- Stats − To create statistical summaries from the search result.
Highlight
This command is used to highlight specific terms in the search result set. It is used by supplying the search terms as arguments to the highlight function. Multiple search terms are supplied by separating them with commas.
In the example below, we search for the terms safari and butter in the result set.
[Image: transforming 1]
Chart
The chart command is a transforming command that returns your results in a table format. The results can then be used to display the data as a chart, such as a column, line, or area chart. In the example below, we create a horizontal bar chart by plotting the average number of bytes for each file type.
[Image: transforming 2]
Stats
The stats command transforms the search result data set into various statistical representations, depending on the types of arguments we supply for this command.
In the example below, we use the stats command with the count function, which is then grouped by another field. Here, we are counting the number of file names created on each weekday. The result of the search string comes out in tabular form, with a row created for each day.
[Image: transforming 3]
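What the stats and chart examples above do to a set of events, as an added example that is not part of the original tutorial: a Python emulation (not SPL) of `stats count(file) by date_wday` and `chart avg(bytes) by <file type>`. The events are constructed, and the field names `file`, `bytes` and `date_wday` are assumptions.

```python
from collections import defaultdict
from datetime import datetime

DAYS = ["monday", "tuesday", "wednesday", "thursday",
        "friday", "saturday", "sunday"]

# Constructed sample events (not from the page); field names are assumptions.
EVENTS = [
    {"_time": "2024-03-04T09:15:00", "file": "index.html", "bytes": 2048},
    {"_time": "2024-03-04T10:02:00", "file": "logo.png", "bytes": 5120},
    {"_time": "2024-03-05T11:30:00", "file": "about.html", "bytes": 1024},
    {"_time": "2024-03-06T08:45:00", "file": "banner.png", "bytes": 3072},
    {"_time": "2024-03-06T17:20:00", "file": "app.js", "bytes": 4096},
    {"_time": "2024-03-06T17:21:00", "bytes": 512},  # event with no "file" field
]

def date_wday(event):
    """Lower-case weekday name derived from the event timestamp."""
    return DAYS[datetime.fromisoformat(event["_time"]).weekday()]

def file_type(event):
    """Extension of the file field, or None when the field is missing."""
    name = event.get("file")
    return name.rsplit(".", 1)[-1] if name and "." in name else None

def stats_count_by(events, counted_field, group_fn):
    """Emulates `stats count(<field>) by <group>`: one row per group value;
    events where the counted field is missing do not add to the count."""
    table = {}
    for ev in events:
        group = group_fn(ev)
        if group is None:
            continue  # events with no group-by value produce no row
        table.setdefault(group, 0)
        if ev.get(counted_field) is not None:
            table[group] += 1
    return table

def chart_avg_by(events, value_field, group_fn):
    """Emulates `chart avg(<field>) by <group>`: one row per group, holding
    the mean of the value field; rows feed the bar chart."""
    sums = defaultdict(lambda: [0, 0])
    for ev in events:
        group = group_fn(ev)
        if group is not None and ev.get(value_field) is not None:
            sums[group][0] += ev[value_field]
            sums[group][1] += 1
    return {g: total / n for g, (total, n) in sums.items()}
```

Both functions turn six raw events into a small table with one row per group, which is the shape a visualization needs; the event with no `file` field falls out of the chart and is not counted by `count(file)`.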