index=dummy <mySearchCondition>| search response_code1!=200| stats count
When I search for this query I get output as 0 in the count column. But when I try this query:
index=dummy <mysearchCondition> | bin _time span=1d |eval Time=strftime(_time , "%d/%m/%Y %H:%M")| search response_code1!=200| stats count by Time
Expected answer for this:
| Time | count |
| 2021-04-20 04:36 | 0 |
I'm not able to see any output. What to do?
bin _time span=1d
snaps all values of _time to the start of the day, i.e. 00:00, so you will not see 04:36. Also, the time format you seem to be expecting is not the format you have used for Time. Apart from that, you should get counts for the days present in your search, except when you have removed all the events for any particular day. The stats are grouped by Time and there are no values for Time once you have filtered out all the response_code1=200 events.
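
One way to keep a row for days where every event is a 200, as an added example that is not part of the original thread: count conditionally inside stats instead of filtering with search first, so the Time group still exists when its count is 0. The six events are constructed with makeresults (three 200s on 2021-04-20, one 500 and two 200s on 2021-04-21), and the output format "%Y-%m-%d %H:%M" is an assumption taken from the expected table in the question.

```spl
| makeresults count=6
| streamstats count as n
| eval _time=case(n<=3, strptime("2021-04-20 04:36", "%Y-%m-%d %H:%M"), true(), strptime("2021-04-21 09:10", "%Y-%m-%d %H:%M"))
| eval response_code1=case(n<=3, 200, n==4, 500, true(), 200)
| bin _time span=1d
| eval Time=strftime(_time, "%Y-%m-%d %H:%M")
| stats count(eval(response_code1!=200)) as count by Time
```

This returns 2021-04-20 00:00 with count 0 and 2021-04-21 00:00 with count 1; against real data, replace the first four lines with index=dummy and the original search condition.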