Using stats, eventstats & streamstats for Threat Hunting...Stat!
If you have spent any time searching in Splunk, you have likely done at least one search using the stats command. I won’t belabor the point: stats is a crucial capability in the context of threat hunting — it would be a crime to not talk about it in this series. When focusing on data sets of interest, it's very easy to use the stats command to perform calculations on any of the returned field values to derive additional information.