I am using the query below to fill in 0 for dates when we have missing values and get those dates on the chart. But this is not working. Could anyone please help me here?
base search
| eval timestamp_epoc = strptime(timestamp,"%Y-%m-%dT%H:%M:%S.%3N%Z")
| eval date_picker = strftime(timestamp_epoc,"%Y-%m-%d")
| search requestURI="/api/v1/home/reseller/*"
| eval hqid = substr(requestURI,23,10)
| search $hqid$
| eval status_success=if(httpStatus="200",1,0)
| eval status_fail= if(httpStatus != "200",1,0)
| stats sum(status_success) as status_success, sum(status_fail) as status_fail by hqid,date_picker
| eval status = case( (status_fail>0 AND status_success>0), "Multiple successful logins", (status_fail>0), "Multiple failed logins", (status_success>0), "Successful logins",1=1, "Other")
| fillnull value=0 date_picker hqid status
| chart count(hqid) by date_picker,status