Hi all,
I am trying to search some logs that have event_name and event_number. I want to produce a table that shows a count of how many instances of the event_number exist, but also show the event_name field next to it for reference.
So a table with 3 columns:
event_number, event_name, count
I can get one or the other, but not both.
This works for one: index=index1 | chart count by event_number
This works for one: index=index1 | chart count by event_name
This doesn't work: index=index1 | chart count by event_name event_number
Nor this: index=index1 | chart count by event_number | fields event_number event_name count
Does what I am trying to achieve make sense?
Any suggestions?
Thanks