About maxiva01

maxiva01 · ‎04-29-2016

Finally I found out a solution that works great index=someIndex sourcetype=sourcetype1 SomeSearchCriteria | stats count as Total by fieldA | join type=left fieldA [search index=fsomeIndex sourcetype=sourcetype2 SomeSearchCriteria | stats count as Common by fieldA] | stats count(Total) as TransactionSent count(Common) as TransactionRecieved | eval PersentDeliveredTransactions = round(100*TransactionRecieved / TransactionSent,2) | table PersentDeliveredTransactions TransactionRecieved TransactionSent

maxiva01 · ‎04-28-2016

Hi, Task: 2 different log files (source types). I want to find all transactions from first payload and check which of them are missed in second one. Then calculate amount and percentage of transaction that are exist in both log files There is a common field in both log files, lest say fieldA The solution I came up so far looks like below one index=someIndex sourcetype=sourcetype1 SomeSearchCriteria | join fieldA type=outer [search index=fsomeIndex sourcetype=sourcetype2 SomeSearchCriteria] | fillnull value="NOVALUE" fieldA | eval ResponseStatus=case(fieldA ="NOVALUE","noResponse", fieldA!="NOVALUE", "validResponse") | bucket span=15m _time | stats count as Total count(fieldA) as NumberOfTransactions by ResponseStatus, _time | eventstats sum(Total) as TOTAL_TRANSACTIONS | eval PersentOfSuccessTransactions = round(100*NumberOfTransactions / TOTAL_TRANSACTIONS,2) | table PersentOfSuccessTransactions NumberOfTransactions ResponseStatus _time But in the response I see only "validResponse". Is this something wrong with the query?

Posts	2
Solutions	1
Karma Given	0
Karma Received	1
Member Since	‎04-28-2016

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

How to search all transactions existing in one pay...

Re: How to search all transactions existing in one...

How to search all transactions existing in one pay...