About andy

andy · ‎07-21-2020

Yeah something like this is what I'm looking for, but first I need to consider only 4 services with lowest daily count

andy · ‎07-20-2020

Don't know why but in this way it only shows 1 service which reached 4 accesses in 1 hour, instead I would like to have a hour by hour timechart of the last 4 services by sum of daily events and having sum > 2 .

andy · ‎07-20-2020

But if I remove the sort how can I choose the 4 less accessed services? This search gives me a list of data : | stats count by Service _time | where count>2 | sort 4 count for instance in last 24h Service | Accesses A | 3 B | 5 How can I reproduce a chart that would show me how this services are distributed hour per hour in last 24h?

andy · ‎07-20-2020

Hi everyone, I am trying to create a timechart showing distribution of accesses in last 24h filtered through stats command. More precisely I am sorting services with low accesses number but higher than 2 and considerating only 4 less accessed services using this: index = |bin _time span=1h | stats count by Service _time | where count>2 | sort 4 count | rename count as "Access number" | timechart span=1h count by Service Results would show services with number of accesses of 1 or 2 in a day despite the where clause. Thank you in advance for your help.

Posts	4
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎07-20-2020

Online Status	Offline
Date Last Visited	‎07-21-2020 12:31 PM

Timechart after Stats

Re: Timechart after Stats

Re: Timechart after Stats

Re: Timechart after Stats

Timechart after Stats