Have the following queries
query 1 - cf_org_name="xxx" cf_space_name="yyy" cf_app_name=zzz index=123* msg= "Transaction completed" | timechart count AS Succesfull_Tran span=60m
query 2 - cf_org_name="xxx" cf_space_name="yyy" cf_app_name=zzz index=123* msg= "ERROR" | timechart count AS Failed_Tran span=60m
Need help to combine the resultset into a single timechart table . Tried append and it dosent not give the desired output .
Like this:
index="123*" AND cf_org_name="xxx" AND cf_space_name="yyy" AND cf_app_name="zzz"
| timechart span=60m count(eval(msg="ERROR")) AS Failed_Tran count(eval(msg="Transaction completed")) AS Succesfull_Tran
Hi,
Try this too
cf_org_name="xxx" cf_space_name="yyy" cf_app_name=zzz index=123*
| timechart span=1h count as Total , count(eval(msg="Transaction completed")) as Succesfull_Tran , count(eval(msg="ERROR")) as Failed_Tran
| timechart span=60m count by msg
You can also create a new variable and timechart by that
| eval Success = if(msg="Transaction Completed","Success","Error")
| timechart span=60m count by Success