In timechart, how to Search for the values >n ?
(ex) search : weblog
" * | strcat clientip "@" uri A_COMBO | timechart count by A_COMBO "
How to search results values of greater than OR less than?( values >20 OR values <20)
Thanks! that helped
I think timechart command does not support what you want. In stead, do you think stats command work?
" * | strcat clientip "@" uri A_COMBO | stats count by A_COMBO _time | search count > 20"
Then, you will be able to use timechart if you want.