Hi
I have extracted 2 fields from log file & now I have to show a chart based on these 2 values. How can I do that? The value of these fields will be derived from the log file.
Field 1 - Process name
Field 2 - process count.
I need to show a chart which shows count of each process by host.
As of now I am using the table command to show a table but I want a chart. Any help is much appreciated.
Search:
index=* sourcetype=* | rex field=proc_monitor "\-\s(?(.*))count" |rex field=proc_monitor "count\s\:(?(.*))\;" | where proc_name NOT NULL|rename proc_name as "Process Name"|rename proc_count as "Total Count"|table host "Process Name" "Total Count"
Log sample:
- RTP count : 1 ; Status: UP
- abc count : 16 ; Status: UP
- def count : 26 ; Status: UP
- ghi count : 13 ; Status: UP
↧