I want to merge values with similar string context and still be able to reverse search for those logs. Similar to this
The stats count look something like this
error count
invalid input 25
price "1.24" does not match "1.21" 1
price "1.00" does not match "1.01" 1
price "1.34" does not match "3.21" 1
external services 15
I want it to look something like
error count
invalid input 25
price * does not match * 3
external services 15
When say I want to find the logs matches "price __ does not match __ " I can see the list of specific logs combined
If you know all the patterns which you want to merge, like price "N1" does not match "N2"
, then you use use eval replace command before your stats command to make them similar.
Your base search before stats
| eval error=replace(error,"(price )\S+( does not match )\S+","\1*\2*")
| stats count by error
If it throws error, escape the asterisk with \
in replace command.
If you know all the patterns which you want to merge, like price "N1" does not match "N2"
, then you use use eval replace command before your stats command to make them similar.
Your base search before stats
| eval error=replace(error,"(price )\S+( does not match )\S+","\1*\2*")
| stats count by error
If it throws error, escape the asterisk with \
in replace command.
What happens if I know there are many string repetitions in the results? Someway to merge all of them together without having to do an eval
for every string?
@exocore123 have you found the way to merge all of them without using an eval
?