I'm not a dashboard expert however, from a search I have the following setup:
| rex field=msg.Properties..FileName "(?[\w-]+\.apm)"
| eval EventName='msg.Properties..EventType'
| search Filename
| chart count over Filename by EventName
This gives me results like:
Filename Moved FileError Validated Sent ValidationError
1bc71199.apm 1 1 1 2 0
43bd3399.apm 1 1 1 2 1
Is it possible to change the 0s, 1s and 2s to other values? Like maybe a TimeStamp or Checkmark or basically something that isn't a number?
Also, maybe I shouldn't be using a CHART for summary (but my users like the data representation) but please tell me if I'm doing that wrong too! Are stats the better option? Thanks!
... View more