Hi,
I am having An Issue with a simple post process implementation. Unfortunately postprocess isn't picking up the search streamed from above.
Maybe I am missing something and hopefully somebody can help me find the problem in this design.
Thanks in advance.
Cheers
Mike
<module name="Search" group="logs">
<param name="group">logs</param>
<param name="search"><![CDATA[
host="$selectedHost$" sourcetype="apache" status_code!="200" status_code!="304" |
eval codedesc=case(
status_code==100,"100 Continue",
status_code==101,"101 Switching Protocols",
...
...
...
status_code==510,"510 Not Extended"
)
]]></param>
<module name="PostProcess">
<param name="search">
| timechart count by codedesc useother=f usenull=f
</param>
<module name="HiddenChartFormatter">
<param name="secondaryAxisTitle.text"># counts</param>
<param name="legend.placement">right</param>
<param name="chart">area</param>
<module name="JSChart">
<param name="height">350px</param>
</module>
</module>
</module>
<module name="PostProcess" layoutPanel="panel_row2_col1">
<param name="search">
| convert timeformat="%H:%M:%S" ctime(_time) AS Time
| stats count by Time clientip host codedesc
| rename codedesc AS "Code Description"
</param>
<module name="Pager" layoutPanel="panel_row2_col1">
<param name="count">20</param>
<module name="SimpleResultsTable" layoutPanel="panel_row2_col1" />
</module>
... View more