I have the following queries: index=myIndex app_name IN (my-app-a, my-app-b) process=end
| eval app_name = replace(app_name, "-[ab]$", "")
| where match(status, "^[45][0-9]{2}$") AND i...
See more...
I have the following queries: index=myIndex app_name IN (my-app-a, my-app-b) process=end
| eval app_name = replace(app_name, "-[ab]$", "")
| where match(status, "^[45][0-9]{2}$") AND in(status, "500", "503", "504")
| timechart count by status
index=myIndex method!=GET process="start" app_name IN (my-app-a, my-app-b) process=end
| eval app_name=replace(app_name, "-[ab]$", "")
| timechart count
| timechart per_second(*) Where the first query returns the numbers of errors over time and the second query the requests per second Even if there are no errors, it should paint a graph with 0 and still include the requests per second. The end goal is to be able to compare the requests per second/error ratio How can I combine these two into a single chart with two separate graphs? My best attempt : index=myIndex app_name IN (my-app-a, my-app-b) process=end
| eval app_name = replace(app_name, "-[ab]$", "")
| where match(status, "^[45][0-9]{2}$") AND in(status, "500", "503", "504")
| timechart span=1h count as error_count
| append
[search index=myIndex app_name IN (my-app-a, my-app-b) process=end
| eval app_name=replace(app_name, "-[ab]$", "")
| timechart span=1h count as requests_per_hour
| fields _time, requests_per_hour]
| stats sum(error_count) as error_count sum(requests_per_hour) as requests_per_hour by _time
| sort -requests_per_hour Is there any other way to do this?