Hi Team,
I need help with the below use case.
I have application logs in which each event has below fields
saleproductname HTTPStatus ResponseTime
Possible HTTPStatus values = 200 , 300 ,400 ,500
I need to do a visualization of a statistics table which shows the below details:
productname TotalCalls AvgResp HTTP2XXcalls HTTP2XXcalls(%) HTTP3XX HTTP3XXs(%) HTTP4XX HTTP4XX(%) HTTP5XX HTTP5XX(%)
AirJordan 100 25.5 50 50 10 10 10 10 30 30
swiftrun 1000 55.5 500 50 100 10 100 10 300 30
I have tried various options using stats and chart but I couldn't quite get it as above.
Appreciate your help, thank you!
@newbie2tech ,
Try and verify if the number matches .
"your search" |fields saleproductname, HTTPStatus, ResponseTime
| stats count as total_by_prod_status ,sum(ResponseTime) as total_resp by saleproductname,HTTPStatus|sort productId
| eventstats sum(total_by_prod_status) as total_prod by saleproductname|eval perc=round((total_by_prod_status/total_prod)*100,2)
| chart max(total_by_prod_status) as total_by_prod_status,
max(total_resp) as total_resp,max(perc) as perc over saleproductname by HTTPStatus
| addtotals total_by_prod_status* fieldname=TotalCalls
| addtotals total_resp* fieldname=AvgResp|eval AvgResp=round(AvgResp/TotalCalls,2)
| rename "total_by_prod_status: *" as HTTP*Calls,"perc: *" as HTTP*Calls(%)|fields - total_resp*
| fields saleproductname,TotalCalls,AvgResp,HTTP*
OR
"your search"|fields saleproductname, HTTPStatus, ResponseTime
|stats count as total_by_prod_status ,sum(ResponseTime) as total_resp by saleproductname,HTTPStatus
|chart sum(total_by_prod_status) as tot_by_prod,max(total_resp) as tot_resp_by_prod over saleproductname by HTTPStatus
|addtotals tot_by_prod* fieldname=TotalCalls|addtotals tot_resp_by_prod* fieldname=AvgResp|fields - tot_resp_by_prod*
|rename "tot_by_prod: *" as HTTP*Calls
|foreach HTTP*Calls [eval <<FIELD>>(%)=round((<<FIELD>>/TotalCalls)*100,2)]
|eval AvgResp=round(AvgResp/TotalCalls,2)|table saleproductname,TotalCalls,AvgResp,HTTP*
First one might be faster