Hi
Query 1:
| pivot mongo ServerStatus max(currentConnections) SPLITCOL host
| fieldsummary
| fields field, max
| rename field as host, max as max_host
| stats sum(max_host) as Total
| search Total>20000
This above is displaying the total number of connections as expected
i want to add a if condition like whenever i met this condition i want to display connections per host as per below query. i tried including the search inside but this is not helping in my case
eval flag=if(condition, [SEARCH QUERY], null())
Query 2:
| pivot mongo ServerStatus max(currentConnections) SPLITCOL host
| fieldsummary | fields field , max
| rename field AS host, max AS max_host
| eval host=host." (".max_host.")"
| fields host
| mvcombine delim=" , " host
| nomv host
Result:
host1 (1414)
host2 (1415)
host3 (1416)
host4 (3532)
Both Queries are working as expected but i'm looking if i can connect them on condition like execute query 2 only on condition of Total connections exceed.
Any help is appreciated , thank you
