index=dev log-severity=INFO app name=abcd | rex "tv counts for indicator S = (?<Count>\d+)" | stats count by _time, Count | table _time, Count
I have two separate queries:
1) tv counts for indicator S= (?<Count>\d+)
2) Dishtv counts for indicator S= (?<Count>\d+)
Both of the counts are combined because they have the same wording (tv counts for indicator S= (?<Count>\d+)).
The Spark DataFrame that generates each of queries 1 and 2 is different. They have different output counts, but in graphs they overlap because of the same logger message wording.
How can I get separate counts for each of them?
Please suggest.
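The pattern `tv counts for indicator S` is unanchored, so it also matches inside `Dishtv counts for indicator S`, which is why the two series merge. One way to split them, as an added example that is not part of the original post: capture the prefix into a field (the name `Feed` is hypothetical) and put `\b` in front so `tv` cannot match inside `Dishtv`. The base search terms are copied from the post, and `max(Count)` per time bucket is an assumption about what the chart should show.

```spl
index=dev log-severity=INFO app name=abcd "counts for indicator S"
| rex "\b(?<Feed>Dishtv|tv) counts for indicator S\s*=\s*(?<Count>\d+)"
| where isnotnull(Feed)
| timechart max(Count) by Feed
```

`timechart ... by Feed` produces one series per value of `Feed`, so the `tv` and `Dishtv` counts are drawn as separate lines.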