Can u help me on this issue. As character are exceeding i am posting the question 3 times total.
I am trying to combine 2 queries to get the result, i am getting the result, but not as expecte...
See more...
Can u help me on this issue. As character are exceeding i am posting the question 3 times total.
I am trying to combine 2 queries to get the result, i am getting the result, but not as expected. Query1:
index=app-map-idx shname=niht_map_*
| append [| inputlookup customerdata.csv
|addinfo
| where _time>=info_min_time AND _time<=info_max_time
|fields - info*
|eval done=1, shname=device."_name", source=device."_name"]
|table _time sys operation web pass fail fvb quantity done shname
|eventstats sum(done) as done by shname sys
|bucket _time span=w
|stats sum(*) as * values(done) as done dc(web) as webb by _time shname sys operation
|appendpipe [| search sys="wi lapcdmb" operation="login page" OR operation="app page" OR operation="userpage" OR operation="custpage"]
|foreach pass fail fvb quantity [|eval <<FIELD>>=<<FILED>>*0.09]
|eval sys="pim"]
| eval "pass percentage"=pass/quantity*100
|eval iel=fail/quantity*100
|fillnull fvb value=0
|rename pass as Pass, fail as Fail, sys as Sys, fvb as Fvb, quantity as Quantity, operation as Operation, webb as Webb
|lookup application.csv Sys OUTPUT App mtr
|search mtr=given
|table _time pass percentage iel App Sys Operation Webb Pass Fail Quantity Fvb
|sort 0 Sys
Output:
_time
App
Sys
Operation
Webb
Pass
Fail
Quantity
Fvb
pass percentage
iel
2022-11-10
Custom
Customer sys
sigin app - customer
1
20
0
20
1
100
0
2022-11-10
Cli app
CA
sigin app - application
2
30
10
40
10
99
0.01
2022-11-10
sigin app
SG
sigin app - client
2
10
1
11
1
100
0
2022-11-10
user app
UA
sigin app - app1
1
60
0
60
16
80
0.05
2022-11-10
user app
UA
sigin app - app2
4
50
0
50
0
20
0.9
2022-11-10
user app
UA
sigin app - app3
5
100
9
109
0
0
0
2022-11-10
user app
UA
sigin app - app4
8
21
0
21
0
0
0
2022-11-10
user app
UA
sigin app - app5
9
23
0
23
0
0
0
2022-11-10
suzk app
SA
sigin app - app6
2
16
8
24
1
99
0
2022-11-10
qualis app
QA
sigin app - app7
1
100
10
110
8
10
0
2022-11-10
benz app
BA
sigin app - app8
2
500
11
511
6
20
0
2022-11-10
client app
CA
sigin app - app1
4
200
0
200
4
100
0
2022-11-10
client app
CA
sigin app - app2
1
800
1
801
1
100
0.11
2022-11-10
client app
CA
sigin app - app3
3
220
1
221
0
90
0.22
2022-11-10
client app
CA
sigin app - app4
2
1000
11
1011
0
99
0.45
2022-11-10
client app
CA
sigin app - app5
1
1089
12
2178
9
99
0.56
Query2: index=blrm-app-idx sourcetype=blrm_appl "QA: ab" OR "QA: cd" OR "QA: ef" OR "QA: gh" (procedure=POST web="/cate/surface*") OR (procedure=GET web="/choc/plain/otp*") OR (procedure=POST web="/may/duration") OR (procedure=GET web="/year/days") OR web="/nam/power/error") OR web="/move/cloud") OR web="/mont/days NOT [|inputlookup angryer.csv |rename PI as result |fields result] | eval type=case((faildigit=978 OR faildigit=435 OR faildigit=543 OR faildigit=987), "error", (faildigit>98763 AND faildigit<98765 ) OR faildigit=123 OR faildigit=456 OR faildigit=789, fvb, isnull(faildigit), "pass", isnotnull(faildigit), "error") |search pipe = "error" |eval operation=case(match(web, "/cate/surface*"), sigin app - customer, procedure=GET AND web="/choc/plain/otp*") , sigin app - application, procedure=POST AND web="/may/duration", sigin app - client, procedure=GET AND web="/year/days", sigin app - app1, OR web="/nam/power/error", sigin app - app2 OR web="/move/cloud", sigin app - app3 OR web="/mont/days, sigin app - app4, 1=1, "unknown") |eval web = procedure." ".web |eval sys= case (cliapp=ab, applibase, cliapp=cd, cusbase, cliapp=ef, efffilm, cliapp=gh gohome, 1=1, null()) |bin _time span=1h |stats dc(cust_ip) as effect_apps by _time sys operation web
OUTPUT:
_time
sys
operation
web
effect_apps
2022-11-10
UA
sigin app - app1
1
10
2022-11-10
UA
sigin app - app2
2
12
2022-11-10
UA
sigin app - app3
2
10
2022-11-10
UA
sigin app - app4
1
40
2022-11-10
UA
sigin app - app5
4
2
2022-11-10
CA
sigin app - app1
5
6
2022-11-10
CA
sigin app - app2
8
1
2022-11-10
CA
sigin app - app3
9
3
2022-11-10
CA
sigin app - app4
2
4
2022-11-10
CA
sigin app - app5
1
8
contunuation i am repying to this post...........