Which stats command function provides a count of how many unique values exist for a given field in the result set?
Which stats command function provides a count of how many unique values exist for a given field in the result set?
The correct function in Splunk to get a count of unique values for a given field is distinct-count(field). While 'dc(field)' is a commonly used abbreviation, the full function name is distinct-count(field), making it clearer and more consistent with naming conventions.
Answer "A" his example creates a chart of how many new users go online each hour of the day. ... | sort _time | streamstats dc(userid) as dcusers | delta dcusers as deltadcusers | timechart sum(deltadcusers) The dc (or distinct_count) function returns a count of the unique values of userid and renames the resulting field dcusers.
"A" (D is a dash NOT underscore, hence wrong) page 120 pdf
dc() means distinct count. A is the correct answer
https://docs.splunk.com/Documentation/Splunk/9.0.0/SearchReference/Aggregatefunctions "Returns the count of distinct values of the field X. This function processes field values as strings. To use this function, you can specify distinct_count(X), or the abbreviation dc(X). "
A is correct pag 120 distinct_count, dc – returns a count of unique values for a given field
A or B is correct
The question wants unique values, so it has to be A