Hello,
I am trying to create a query which will help me combine results from two search results by doing this:
index=some_index source="log_source" AND "Not Updated - sourceId"
| stats count as RejectedEvents
| appendcols [
search index=some_index source="log_source"
| rex ".*Batch info: completed, processed entities: (?<numberOfMessage>.*)"
| stats sum(numberOfMessage) as ProcessedEvents
]
| eval total = ProcessedEvents + RejectedEvents
| fields total
This query works fine, but is insanely slow. Any help on making this better?