Hi there,
I am trying to get hourly stats for each status code and get the percentage for each hour per status. Not sure how to get it.
my search
| bucket _time span=1h
| stats count by _time http_status_code
| eventstats sum(count) as totalCount
| eval percentage=round((count/totalCount),3)*100
Please suggest which command could be helpful here.
Thanks
Give this a try
my_search
| bucket _time span=1h
| stats count BY _time http_status_code
| eventstats sum(count) as totalCount by _time
| eval percentage=round((count/totalCount),3)*100
| table _time http_status_code count percentage
@somesoni2 thank you for the help, it worked.
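What the `by _time` clause in the search above changes, shown as an added example that is not part of the original thread. It builds 12 constructed events with `makeresults` (8 in the previous hour, 4 in the current one), so it runs without any index; the status codes and the field names `totalAll` and `pct_of_all` are made up for the comparison.

```spl
| makeresults count=12
| streamstats count AS n
| eval _time = relative_time(now(), "@h") - if(n<=8, 3600, 0)
| eval http_status_code = case(n%4==0, 500, n%4==1, 404, true(), 200)
| bucket _time span=1h
| stats count BY _time http_status_code
| eventstats sum(count) AS totalAll
| eventstats sum(count) AS totalCount BY _time
| eval pct_of_all = round(count/totalAll*100, 1)
| eval percentage = round(count/totalCount*100, 1)
| table _time http_status_code count totalCount percentage pct_of_all
```

`percentage` adds up to 100 within each hour because its denominator is the per-hour `totalCount`, while `pct_of_all` adds up to 100 only across the whole time range, which is what the search in the question computes.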
Hi @bijodev1,
please try this:
my_search
| eventstats sum(count) as totalCount
| bucket _time span=1h
| stats values(totalCount) AS totalCount count BY _time http_status_code
| eval percentage=round((count/totalCount),3)*100
Ciao.
Giuseppe
What I am basically looking for here is:
_time  status  count  percentage
12:30  100     400    30
12:30  200     600    60
12:30  300     400    30
01:30  100     100    10
01:30  200     400    45
01:30  300     400    45
Likewise.
Hi @bijodev1,
please try this:
my_search
| eventstats count as totalCount
| bucket _time span=1h
| stats values(totalCount) AS totalCount count BY _time http_status_code
| eval percentage=round((count/totalCount),3)*100
Ciao.
Giuseppe
Hi @gcusello
Thank you for the response, but it didn't get me any output.
It doesn't show the percentage and total count per hour.