Hi,
using logs i am generating some stats that are needed to track the performance of my app on daily basis using the below query.
search ...| rex "elapsedTime=(?<ElapsedTime>.*?),\s*MLTime" | rex "X\-ml\-timestamp\: (?<TimeStamp>.*?)\s*\n*X-ml-maxrows" | rex "X\-ml\-size\: (?<size>.*?)\s*\n*X-ml-page" | rex "X\-ml\-page\: (?<page>.*?)\s*\n*X-ml-count" | rex "X\-ml\-elapsed\-time\: (?<MLelapsed>.*?)\s*\n*X-ml-timestamp" | stats max(size) AS Page_Size max(_time) AS End_Time min(_time) AS Start_Time max(page) as Pages count(page) AS Total_Pages max(ElapsedTime) AS Max_ElapsedTime min(ElapsedTime) AS Min_ElapsedTime avg(ElapsedTime) AS Avg_ElapsedTime max(MLelapsed) AS Max_MLElapsedTime min(MLelapsed) AS Min_MLElapsedTime avg(MLelapsed) AS Avg_MLElapsedTime | eval CASS_Date=strftime(Start_Time, "%Y-%m-%d") | eval CASS_Duration= (End_Time-Start_Time)/60 | eval End_Time=strftime(End_Time, "%Y/%m/%d %T.%3Q") | eval Start_Time=strftime(Start_Time, "%Y/%m/%d %T.%3Q") | table CASS_Date Start_Time End_Time CASS_Duration Page_Size Pages Total_Pages Max_ElapsedTime Min_ElapsedTime Avg_ElapsedTime Max_MLElapsedTime Min_MLElapsedTime Avg_MLElapsedTime
can someone please help me to perform the same above for multiple days with single query instead of i manually collecting these stats on daily basis
