How do I operate on (and search from) sub-properti...

npxcomplete · ‎10-02-2019

I have messages that look like:

{ 
timers: {
      x.y.zaz{ count: 5 },
      x.y.waw{ count: 5 }
   }
}

I would like to run a search like:

timers.x.y.*a*.count | sum > 5

Is there a way I can express this? It does not need to be very efficient.

woodcock · ‎10-14-2019

Show us 5 sample events and a mockup of your desired output.

aohls · ‎10-10-2019

I am not sure what you are looking for but assuming you are looking for the value 5. You could do a regex on that field first maybe.

| rex field=_raw "count: (?<timerCount>\d+)"

With that you can then check: timerCount > 5

How do I operate on (and search from) sub-properties matching a pattern.