Hello,
I'm trying to make an availability graph based on the below calculation:
index="MY_INDEX" host="MY_HOST" NOT "UNWANTED_VHOST" | stats count(eval(status="500" OR status="501" OR status="502" OR status="503" OR status="504" OR status="505" OR status="506" OR status="507" OR status="508" OR status="509" OR status="510" OR status="511")) as error count(eval(status="200")) as good | head 100 | eval calc = (100/(good+error))*good | stats sum(calc) as Disponibilité
The calculation is Ok but I'm not coming to create a timechart where the evolution of "Disponibilité" is calculated day by day.
Do you have any idea of how I can do that ?
Regards,
Thanks for your quick answers @efavreau, @nickhillscpl 🙂
With your help I've found the solution for my case and I put it below if it's can help somebody :
index="MY_INDEX" host="MY_HOST" NOT "UNWANTED_VHOST" | timechart span=1Month count(eval(status>500)) as error count(eval(status="200")) as good | head 100 | eval calc = (100/(good+error))*good | table _time calc
Have a nice day
Thanks for your quick answers @efavreau, @nickhillscpl 🙂
With your help I've found the solution for my case and I put it below if it's can help somebody :
index="MY_INDEX" host="MY_HOST" NOT "UNWANTED_VHOST" | timechart span=1Month count(eval(status>500)) as error count(eval(status="200")) as good | head 100 | eval calc = (100/(good+error))*good | table _time calc
Have a nice day
I'm not exactly sure how you want to represent this data, maybe this is what you are looking for, but in any case its a simpler search.
Try the following and let us know how you would like to represent it.
index="MY_INDEX" host="MY_HOST" NOT "UNWANTED_VHOST"
| eval result=case(status>500, "error", status=200, "good",1=1,"unknown")
| timechart count by result
@tmeriadec Try changing your last line to achieve what you're looking for. The Timechart
command is similar to stats
, but includes _time in its use automatically, whereas using stats
you would have to account for this on your own. The span=1d
is to set your time bucketing into 1 day bins.
| timechart span=1d sum(calc) AS Disponibilité