Hi,
How can I use a combination of an IF statement along with AND.
I'm looking to run a count whereby IF the _hour is greater than a certain time, AND a server name matches a list, dont include the server in the results.
I have something like this;
mysearch...
| eval hour=tonumber(strftime(_time,"%H"))
| if(hour>2 AND NOT (dest="server1" OR dest="server2" OR dest="server3"))
| stats count by _time, hour, dest, status
Essentially I dont want to include results of a server between certain hours.
Any ideas? Thanks.
↧