I have this request :
sourcetype="accouting" fichier="*.log" | stats count by fichier
Here is the result :
fichier count
DIAEAEF*.log 7
DIAEAU97*.log 1
DIAEHAB*.log 5
DIAEHF*.log 9
DIAEPJ*.log 5
DIAEWF*.log 2
DIAEHP*.log 2
And I'd like to gather some files to have another table as follows :
paquet count
AA 12
BB 6
CC 13
Explain :
AA = DIAEAEF*.log + DIAEHAB*.log
BB = DIAEAU97*.log + DIAEPJ*.log
CC = DIAEHF*.log + DIAEWF*.log + DIAEHP*.log
sorry for my english... thanks google translate 😉
... View more