Hi everyone,
| State |
ID |
APP |
_time |
| INFO |
ABC |
Car |
19/08/22 19:51 |
| INFO |
ABC |
Car |
19/08/22 19:52 |
| INFO |
DEF |
Car |
20/08/22 19:53 |
| INFO |
ZZZ |
Book |
30/08/22 19:51 |
| INFO |
ZZZ |
Book |
19/08/22 19:55 |
| WARN |
ABC |
Car |
19/08/22 19:56 |
| WARN |
XYZ |
Car |
20/08/22 19:51 |
| WARN |
ZZZ |
Book |
19/08/22 19:58 |
| WARN |
ZZZ |
Book |
19/08/22 19:59 |
| ERROR |
ABC |
Car |
19/08/22 20:00 |
| ERROR |
ABC |
Car |
19/08/22 20:01 |
| ERROR |
XYZA |
Car |
30/08/22 19:51 |
I have following data as mentioned in table above, and i have to create a statistical analysis for following requirement
- Find out count of distinct ID By APP for any given STATE
Ex.:
For State=Info, My Results should be:
For State=ERROR, My Results should be:
Currently i am trying like this:
index=testdata
| stats count(eval(searchmatch("*INFO*"))) BY APP
But i am Not getting count of records with Distinct ID.
My Question is: How to use stats command with eval function and distinct function on two separate columns.
