I've got some data with three applicable fields: hostname, requirement, and requirementstatus. Each day I may receive hundreds of logs for a single hostname, or none at all. A stream of logs might look like:
>hostname="comp1" requirement=foo requirementstatus=failed
>hostname="comp1" requirement=bar requirementstatus=passed
>hostname="comp1" requirement=foo requirementstatus=passed
>hostname="comp1" requirement=bar requirementstatus=passed
I can get the current requirementstatus for each requirement with
>|dedup 1 hostname,requirement sortby - _time|table hostname,requirement,requirementstatus
But how do I get the current, cumulative status per day in a timechart?
So on day one, I have 50 hostnames with a requirement "foo" and 25 have a requirementstatus of "passed" and 25 "failed".
Day two, 10 hostnames that previously had a requirementstatus of "failed" are now "passed", and they're the only logs received on day two.
My chart, when filtered to requirement "foo", should show day 1 with 25 passes and 25 fails, and day 2 with 35 passes and 15 fails.
I appreciate any insight you can give.
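The carry-forward logic the chart described above needs, as an added Python example that is not part of the original post and is not Splunk search syntax: each host keeps its last known status on days when it sends no logs. The event dictionaries, dates, and function names are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

def daily_status_counts(events, requirement):
    """Per calendar day, count hosts by their most recent known status."""
    rows = sorted((e for e in events if e["requirement"] == requirement),
                  key=lambda e: e["_time"])
    if not rows:
        return {}
    current = {}   # hostname -> latest status seen so far (carried forward)
    chart = {}
    day, last_day = rows[0]["_time"].date(), rows[-1]["_time"].date()
    i = 0
    while day <= last_day:
        # Apply this day's events in time order; the last one per host wins.
        while i < len(rows) and rows[i]["_time"].date() == day:
            current[rows[i]["hostname"]] = rows[i]["requirementstatus"]
            i += 1
        # Hosts that were silent today keep their previous status.
        chart[day] = Counter(current.values())
        day += timedelta(days=1)
    return chart

def sample_events():
    """Constructed data matching the scenario in the post, plus a silent day."""
    def ev(d, h, host, req, status):
        return {"_time": datetime(2024, 1, d, h), "hostname": host,
                "requirement": req, "requirementstatus": status}
    events = [ev(1, 9, f"comp{n}", "foo", "passed" if n <= 25 else "failed")
              for n in range(1, 51)]
    events.append(ev(1, 8, "comp1", "foo", "failed"))   # superseded at 09:00
    events.append(ev(1, 10, "comp1", "bar", "failed"))  # other requirement
    events += [ev(2, 9, f"comp{n}", "foo", "passed") for n in range(26, 36)]
    events.append(ev(4, 9, "comp36", "foo", "passed"))  # day 3 has no logs
    return events

if __name__ == "__main__":
    for day, counts in daily_status_counts(sample_events(), "foo").items():
        print(day, dict(counts))
```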