Which command performs statistical queries on indexed fields in tsidx files?

Prepare for the Splunk Certified Cybersecurity Defense Analyst Exam. Study with interactive quizzes, flashcards, and detailed explanations to ensure success. Get ready to advance your cybersecurity career!

The command that performs statistical queries on indexed fields in tsidx files is "tstats." This command is specifically designed to work with the indexed data in a more efficient manner than the regular search command, especially when it comes to large datasets.

Using "tstats," analysts can quickly retrieve summary statistics from the indexed fields, allowing for faster searches on large data volumes without needing to scan the entire dataset. This is particularly valuable in cybersecurity contexts, where prompt analysis of large amounts of data is essential for identifying and responding to threats.

In contrast, other commands like "stats" perform statistical calculations on events that are already retrieved by a search. The "transaction" command is used to group search results into a single event based on common fields, which is not related to statistical querying per se. The "search" command is the foundational command that retrieves events and can be enhanced with various options for filtering and statistics, but it is less efficient for statistical analyses when handling indexed fields in tsidx files.
