Hi,
I'd like to count the number of HTTP 2xx and 4xx status codes in responses, group them into a single category and then display on a chart. The count itself works fine, and I'm able to see the number of counted responses. I'm basically counting the number of responses for each API that is read from a CSV file.
However, I'm struggling with the problem that I'd like to count the number 2xx and 4xx statuses, sum them and group under a common label named: "non5xx" that refers to non-server status codes and display on a chart.
So far, I've come up with the following search query, but it fails to meet my expectations:
[| inputlookup api_names_file.csv | rename AppName to app_name | table app_name ] | chart count(eval(like(status, "2%"))) AS successResponses, count(eval(like(status, "4%"))) AS clientErrorResponses, count(eval(like(status, "5%"))) AS 5xx BY status | eval total = (successResponses + clientErrorResponses) | eventstats sum(total) AS non5xx by status | fields non5xx, 5x
Ideally, I'd like to end up with the following chart:
![alt text][1]
- The **non5xx** group would refer to the summed number of all 2xx and 5xx status codes e.g. HTTP 200, 201 etc.
- The **5xx** group would describe server error status codes such as 500, 501 etc.
Is it possible to display such a common label consisting of the sum of two responses on an arbitrary chart e.g. a pie chart?
Thanks in advance
[1]: /storage/temp/218800-diagram.png
↧