Hello! I am sure my wording is way more complicated than what I want. Basically, the end result would be a stats table along the lines of:
Host | AvgLogCount | Min_Total | Max_Total
Router1 |
Router2 |
And then the values filled in from there. The timespan I am looking at is 1 week. I was thinking of using something along the lines of:
index=db device_type=router | timechart span=1d count | eventstats avg(count) as AvgLogCount, min(count) as Min, max(count) as Max
When I do this, there are as many rows as there are days, with the values matching the next row. I get why that is happening, but I want to turn it into each row listing a different Host, with the rest of the columns' values being those of the respective host. Do I need something along the lines of:
index=db device_type=router | timechart span=1d count | eventstats avg(count) as AvgLogCount by host, min(count) as Min by host, max(count) as Max by host
I think that is on the right track, but it doesn't return anything. Any help would be greatly appreciated! And hopefully my wording makes sense.
Thank you!
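An added example, not part of the original post: one way to produce one row per host for the week. `timechart` without a split-by emits only `_time` and `count`, so no `host` field is left to group on. Splitting by host and then using `untable` restores it, and because `timechart` fills days with no events as 0, a router that stopped logging shows up with Min_Total 0. It assumes the `host` field holds the router name.

```spl
index=db device_type=router earliest=-7d@d latest=@d
| timechart span=1d limit=0 count by host
| untable _time host count
| stats avg(count) as AvgLogCount, min(count) as Min_Total, max(count) as Max_Total by host
```

If silent days should be ignored rather than counted as 0, replace the `timechart` and `untable` lines with `| bin _time span=1d | stats count by host, _time`.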