I am doing a search to get the total count of different URIs and their response times. My result has multiple events of similar URLs:
search/abc/1/mno/count/ctr/div/1/link/4
search/abc/1/mno/count/ctr/div/1/link/4,5
find/xyzi/1/fig/count/exact/abc/24
find/xyzi/1/fig/count/exact/abc/24/25
My search query:
| rex "\s+\/(?<url_path>\S+)"
| search url_path!="*error*"
| eval Date=strftime(_time, "%Y-%m-%d")
| chart count over url_path by Date
| addtotals
| sort - Total