Hello,
I have the following query, from which I am able to produce a table.
However, the above query doesn't get results by hostname.
index=prod host=hostname* source="/home/logs/log" | rex field=_raw "TIME\s:\s(?<action>[^\s]*)\s(?<ms>\d+)\smsec" | search ms>0 | table _time,action,ms | rename ms as "duration[ms]" | sort -_time
Summary:
are DELETE, ADD, MODIFY, SEARCH
What we have is 3 hosts: hostname01, 02 and 03. I am looking to generate a 'timechart' where I would obtain a taken on a host and the time it took to complete.
Any suggestion?
One tested, but not getting the result:
index=prod host=hostname* source="/home/logs/log" | rex field=_raw "TIME\s:\s(?<action>[^\s]*)\s(?<ms>\d+)\smsec" | search ms>0 action="REMOVE" | timechart avg(ms) avg(action) | rename ms as "duration[ms]" | sort -_time
Thank you in advance for assistance.