That's spanned at the 1h level because my transaction faker is set up to generate transactions every few minutes across a few days, but you can use it however you want.

| timechart span=1h sum("types.events.*") as "types.events.*"
| addtotals row=t col=f fieldname="" "types.events.*"

sourcetype=accesscombined | timechart count by version
sourcetype=somecrashlog | timechart count by version

Most aggregate functions are used with numeric fields. Common aggregate functions include Average, Count, Minimum, Maximum, Standard Deviation, Sum, and Variance.

| streamstats count as baseEvent
| eval series="A"

Aggregate functions summarize the values from each event to create a single, meaningful value.

You need _time for that, which is a different "event faker" command.

types.events.1 types.events.2 types.events.3

| table types.events.*
| addtotals row=t col=f fieldname="" "types.events.*"

but you probably wanted this

| makeresults count=5

types.events.1 types.events.2 types.events.3 sum.1 sum.2 sum.3

| eventstats sum("types.events."*) as sum.*
| eval "types.events.3" = tonumber(substr(tostring(random()),2,2))

If a BY clause is used, one row is returned for each distinct value specified in the.

Using it makes sense once you want to filter for a specific field.

If the stats command is used without a BY clause, only one row is returned, which is the aggregation over the entire incoming result set.

I have a query that ends with:

| eval errormessage=mvindex(splited,0)
| stats count as errorcount by errormessage
| sort errorcount desc
| eval errorrate=round(errorcount/(TOTALERRORS)*100,0)

Which produces a table with 3 columns: errormessage.

| eval "types.events.2" = tonumber(substr(tostring(random()),1,3))

Calculates aggregate statistics, such as average, count, and sum, over the results set.

| eval "types.events.1" = tonumber(substr(tostring(random()),1,2))

Here's some run-anywhere code that shows you an example after generating random data.