Synopsis

Calculates the average of the values in a specified column of the search query results.Displays the distribution over time of all values under the specified column(s) as appear in the log(s).

Note - this function is a large resource consumer and should be used only in case that it is focused on a limited number of events (simple search prior to the 'dist' aggregation)

Syntax

dist [column_name]

Required Arguments

...

Example 2:  

* in log.application | listdist event, type

Returns a distribution over time of all values under the columns Event and Type in the log Application