Hi everyone,

| State | ID | APP | _time |
|-------|------|------|----------------|
| INFO | ABC | Car | 19/08/22 19:51 |
| INFO | ABC | Car | 19/08/22 19:52 |
| INFO | DEF | Car | 20/08/22 19:53 |
| INFO | ZZZ | Book | 30/08/22 19:51 |
| INFO | ZZZ | Book | 19/08/22 19:55 |
| WARN | ABC | Car | 19/08/22 19:56 |
| WARN | XYZ | Car | 20/08/22 19:51 |
| WARN | ZZZ | Book | 19/08/22 19:58 |
| WARN | ZZZ | Book | 19/08/22 19:59 |
| ERROR | ABC | Car | 19/08/22 20:00 |
| ERROR | ABC | Car | 19/08/22 20:01 |
| ERROR | XYZA | Car | 30/08/22 19:51 |

I have the following data, as shown in the table above, and I have to create a statistical analysis for the following requirement:
Find the count of distinct ID by APP for any given State.
Ex.:
For State=INFO, my results should be:

| APP | Count |
|------|-------|
| Car | 2 |
| Book | 1 |

For State=ERROR, my results should be:

| APP | Count |
|-----|-------|
| Car | 2 |

Currently I am trying this:
index=testdata
| stats count(eval(searchmatch("*INFO*"))) BY APP
But I am not getting the count of records with distinct ID.
My question is: how do I use the stats command with the eval function and a distinct function on two separate columns?
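
One way to combine `stats`, `eval` and a distinct count, shown as an added example that is not part of the original post: `dc()` counts distinct values, and `if(..., ID, null())` feeds it the ID only for events in the wanted State. It goes beyond the single-State case by producing one column per State in one pass, and it assumes `State`, `ID` and `APP` are already extracted as fields with the values shown in the table.

```spl
index=testdata
| stats dc(eval(if(State="INFO",  ID, null()))) AS INFO_ids
        dc(eval(if(State="WARN",  ID, null()))) AS WARN_ids
        dc(eval(if(State="ERROR", ID, null()))) AS ERROR_ids
  BY APP
```

On the sample table this gives Car = 2 / 2 / 2 and Book = 1 / 1 / 0. For a single State, keep only that `dc(...)` clause, rename it `Count`, and append `| where Count > 0` to drop APP rows with no matching IDs.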