Here is the example of the search looks like :
index=x* OR index=y* OR index=z* Iabcd 12_* ( earliest=05/09/2022:00:00:00 latest=05/09/2022:24:00:00 )| rex field=_raw "timerField:\d+:\d+:\d+:\d+ (?<xyzApi>\w+)" | fields +xyzApi test_filed_1test_filed_1 index
| top xyzApi test_filed_1test_filed_1 index limit=20 | appendcols [ searchindex=x* OR index=y* OR index=z* Iabcd 12_* ( earliest=05/16/2022:00:00:00 latest=05/16/2022:24:00:00 ) || rex field=_raw "timerField:\d+:\d+:\d+:\d+ (?<xyzApi>\w+)" | fields +xyzApi test_filed_1test_filed_1 index
| top xyzApi test_filed_1test_filed_1 index limit=20 ]
Ideally i want to run the search for 9th and 16 of this monday and get the count of each day and compare , I'm not able to divide the count for each day
... View more