I Have Service_names (A, B ,C ,D, E, F, G, H, I J, K, L , M) but want (C ,D, E, F, G, H, I J, K, L , M ) services_names renamed as "Other_Services" | Stats by services_names | table services_names time_Taken
Thanks in advance!
Hi @kc_prane ,
you shared only a part of your search, so I cannot check it.
anyway, does it solves your requirement?
Ciao.
Giuseppe
View solution in original post
ony one question: what's time_Token?
if it's a field, please try something like this:
<your_search | eval services_names=if(services_names IN ("A", "B"), service_name, "Other_Services") | stats values(time_Token) AS time_Token BY services_names | table services_names time_Taken
otherwise, please explain what's time_Token, or apply my approach to your search.
Hi gcusello, Thanks for the reply, Iam looking to get results like below.
my base search
| rex "^[^=\n]*=(?P<ServiceName>[^,]+)" | rex "TimeMS\s\=\s(?<Trans_Time>\d+)"
Results
Thanks for the help! @gcusello. I fixed my rex Iam seeing results now.
