I have a Data Model called Web_Events with a root object called Access.
There is a field in Access called 'status_category' with values "client error", "server error", "okay" or "other".
I am trying to list the count of events which have 'status_catgory' as "client error" and "server error" hour by hour
So I want to generate a table of following format
| _time | client_error_count | server_error_count |
| 2022-01-26:17:30:00 | <count of client error> | <count of server error> |
| 2022-01-26:18:30:00 | <count of client error> | <count of server error> |
Can anyone help me with this?
The closest I could achieve was as following:
| _time | Access.status_category | error_count |
| 2022-01-26:17:30:00 | server error | 2 |
| 2022-01-26:18:30:00 | client error | 6 |
| 2022-01-26:18:30:00 | server error | 7 |
with help of this query: (status_code is another field which contains values of HTTP status codes)
| tstats count(Access.status_code) as error_count from datamodel=Web_Events.Access where Access.status_code!=200 earliest="01/26/2022:00:00:00" latest="02/02/2022:23:59:59" BY Access.status_category _time span=1h | table _time, Access.status_category, error_count | sort _time
