The Data Forge • Room 3

🖥️ SPL Lab: Stats in Action

Now practice writing a stats query from scratch. You have a "main" index with web server events. Each event has a host field indicating which server generated it.

Your goal: count how many events each host has generated.

The pipe character (|) separates the search from the command. Use "stats count by" to group results.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

Write a search on index=main that counts the number of events per host.

Splunk Search Bar