
count(var) by "a list of values within a field"

First of all, sorry if I am missing something really obvious here, but after hours of googling I am still stuck with the following problem. Basically I have a list of URLs and a score in a format like this:

```
http://www.abc.com/abc/abc.html 50
http://www.abc.com/abc/abc.html 30
www.xyz.org/asd/ 12
qwer.com/asd 7
```

What I try to achieve now is to group some of the URLs and have the sum of the score displayed in a table. For example: abc.com & xyz.org = "External Sites" will then lead to the following table:

```
Site name      | Sum
------------------------
External Sites | 92
```

The approach so far is to have an `| eval siteName = if(match(url, [some regex], ...)` add a new field with the site name, which works. The interesting part now is that some of the groups might not have events present all the time, and `| stats sum(score) as Sum by siteName` obviously gives me only the sum of the groups that are present. Is there any way to give me a table for a list of sitenames that "could" be there, like the following:

```
Site name      | Sum
----------------------
External Sites | 92
Internal Sites | 0
```

Thank you very much in advance

Andreas
