About AFKunc

AFKunc · ‎01-15-2025

Had I not chosen the solution already I would have given it to you for a more comprehensive answer 🙂

AFKunc · ‎01-12-2025

Worked like a charm. This line seems to be making all the difference: | spath path=payload.status output=status.

AFKunc · ‎01-12-2025

It still fails in that it appears that the if(payload.status==...) always evaluates to false, despite there being both "ok" and "degraded" events, so the sum is equal to the count of all events.

AFKunc · ‎01-12-2025

Hi, I have json data structured as follows: { "payload": { "status": "ok", # or "degraded" } } I'm trying to use the stats command to count the "ok" and "degraded" events separately. I am using the following query: index=whatever | eval is_ok=if(payload.status=="ok", 1, 0) | stats count as total, count(is_ok) as ok_count I have tried passing it through spath, , with "=" in the if condition, and several other approaches changes. What always happens is that both counts contain all elements, despite there being different numbers of them. Please help!

Posts	4
Solutions	0
Karma Given	3
Karma Received	0
Member Since	‎01-12-2025

Online Status	Offline
Date Last Visited	‎01-15-2025 05:45 AM

Help with conditional event count.

Re: Help with conditional event count.

Re: Help with conditional event count.

Re: Help with conditional event count.

Help with conditional event count.

Join the Conversation

Help with conditional event count.

Re: Help with conditional event count.

Re: Help with conditional event count.

Re: Help with conditional event count.

Help with conditional event count.