About shacharz

shacharz · ‎12-25-2014

Just like the time picker in dashboard, I have many panels that are all using a certain field e.g: customerId="..." And I want to easily filter customers with such a field picker, instead of changing all the search strings in all the panels

shacharz · ‎10-29-2014

Looks like this works: sourcetype="tracker logs" join=join OR join=leave | eval users=if(match(join,"join"),1,-1) | accum users| timechart max(users)

shacharz · ‎10-29-2014

Getting closer, I fixed your statement to: sourcetype="tracker logs" join=join OR join=leave | eval users=if(join=="join",1,-1) | accum users| timechart max(users) but looks like it doesn't match the join field to the value join the values that the join field gets are either "join":true or "leave":true

shacharz · ‎10-29-2014

I have an event for a user that joins the system and an even for a user that leaves that system. I want to create a timechart that will show how many users I had in my system along a time window. This is for example how I timechart the join events: sourcetype="tracker logs" join = join | timechart dc(peerId) and similiarly for leave: sourcetype="tracker logs" join = leave | timechart dc(peerId) But how do I substract those who leave from those who joined?

Posts	4
Solutions	0
Karma Given	2
Karma Received	0
Member Since	‎04-23-2014

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

How can I create a field picker for custom fields ...

Getting the number of parallel intervals in timech...

How can I create a field picker for custom fields ...

Re: Getting the number of parallel intervals in ti...

Re: Getting the number of parallel intervals in ti...

Getting the number of parallel intervals in timech...