Hi
I am working on below query to get Count of requests processed by each API service per minute
index=np source IN ("/aws/lambda/api-data-test-*") "responseTime"
| eval source = if(match(source, "/aws/lambda/api-data-test-(.*)"), replace(source, "/aws/lambda/api-data-test-(.*)", "data/\\1"), source)
| bucket _time span=1m | stats count by source, _time
i get below result for one source "name"
,second source by address,third source by city .
How can i represent different api source with per minute in good understandable format...either graph or pictorial representation
source _time count
| |
| data/name | 2025-03-02 08:13:00 | 2 | |
| data/name | 2025-03-02 08:14:00 | 57 | |
| data/name | 2025-03-02 08:15:00 | 347 | |
| data/name | 2025-03-02 08:16:00 | 62 | |
| data/name | 2025-03-02 08:17:00 | 48 | |
| |
| data/address | 2025-03-02 08:18:00 | 21 | |
| data/city | 2025-03-02 08:19:00 | 66 | |
| data/city | 2025-03-02 08:20:00 | 55 | |
| data/address | 2025-03-02 08:21:00 | 7 | |
name event
{"name":"log","awsRequestId":"aws","hostname":"1","pid":8,"level":30,"requestType":"GET","entity":"name","client":"Ha2@gmail.com","domain":"name.io","queryParams":{"identifier":"977265"},"responseTime":320,"msg":"responseTime","time":"2025-03-02T03:23:40.504Z","v":0}
address event
{"name":"log","awsRequestId":"aws","hostname":"1","pid":8,"level":30,"requestType":"GET","entity":"address","client":"Harggg2@gmail.com","domain":"name.io","queryParams":{"identifier":"977265"},"responseTime":320,"msg":"responseTime","time":"2025-03-02T03:23:40.504Z","v":0}
