Solved: Multivalue Chart

rahulbhatt04 · ‎09-12-2014

I have to write a time chart in a day how many different event value happened.

[- logToABTest() response ABTestLog [uniqueId:123, abTestName:null, experience:null, eventName:State:, eventValue:funding_source]

[- logToABTest() response ABTestLog [uniqueId:123, abTestName:null, experience:null, eventName:State:, eventValue:first_page]

lguinn2 · ‎09-12-2014

This doesn't really seem to be a question, but let me try to answer it anyway.

yoursearchhere
| rex "eventValue:(?<eventValue>.*)\]"
| timechart count by eventValue

This assumes that you do not already have a field named eventValue. If you do have the field, you can leave off the second line.

lguinn2 · ‎09-12-2014

This doesn't really seem to be a question, but let me try to answer it anyway.

yoursearchhere
| rex "eventValue:(?<eventValue>.*)\]"
| timechart count by eventValue

This assumes that you do not already have a field named eventValue. If you do have the field, you can leave off the second line.

Multivalue Chart