I have written the following query to calculate the number of response code with api and their respective http status and calculate the total number of failure and success count.
host=abc-a-fr-* source=*access..log* /api/* |eval status1=status|eval file=urldecode(file)| stats count AS Total count(eval(status<=399)) AS Success BY file| eval Failure = Total - Success | eval Percent_Failure=round((Failure/ Total) * 100, 1)| eval Percent_Success=round((Success/ Total) * 100, 1) |table file Total Success Percent_Success Percent_Failure|where NOT match(file,"\d+$$$$")
And the following is the output
file Total Success Percent_Success Percent_Failure
currencies 2 0 0.0 100.0
OrderId 7 0 0.0 100.0
addressId 3 0 0.0 100.0
deliveryslot 205961 5956 2.9 97.1
If i group the count by status,if give me completely different data, what i would like to add is the status in the table, but when i put the status field in the table there is no data
Below is what i would like to achieve
file Status Total Success Percent_Success Percent_Failure
currencies 503 2 0 0.0 100.0
OrderId 401 7 0 0.0 100.0
addressId 503 3 0 0.0 100.0
deliveryslot 400 205961 5956 2.9 97.1
How do I achieve this, please help me
... View more