Hi, I wonder whether someone could help me please.
I'm using the following join query which extracts the data perfectly:
`wso2_wmf(RequestCompleted)`
request.detail.Context="individual-*" OR
request.detail.Context="marriage" OR
request.detail.Context="national"
| rename request.detail.applicationClientId as clientId request.detail.Context as api
| join clientId [ | search `application_wmf(RequestReceived)` detail.input="Request to /application"
| spath output=developer input=detail.responseMessage path=name
| rex field=tags.transactionName "clientId\=(?<clientId>[^\W]+)"]
| stats count by developer api
The problem I have is that I no that the Join command is inefficient and my results will be restricted to 50,000 rows.
I know that the best alternative is to use the 'Stats Values' but after trying this using a multisearch and then as OR statement solution as shown below, I have difficulty in bringing together the developer name when using the stats count by api.
(`wso2_wmf(RequestCompleted)`)
request.detail.Context="individual-*" OR
request.detail.Context="marriage" OR
request.detail.Context="national")
( `application_wmf(RequestReceived)`)
Could someone have a look at this please and let me know where I've gone wrong?
Many thanks and kind regards
Chris
