Hello,
I have multiple queries with small differences, is it possible to combine them?
Here is example:
index=some_index sourcetype=some_source host=*host* (span_name=SomeSpanName1) | eval duration=span_duration/1000 | stats p99(duration)
index=some_index sourcetype=some_source host=*host* (span_name=SomeSpanName2 OR span_name=SomeSpanName3) | eval duration=span_duration/1000 | stats p99(duration)
index=some_index sourcetype=some_source host=*host* (span_name=SomeSpanName4) | eval duration=span_duration/1000 | stats p99(duration)
The result of each query is only one column `p99(duration)` with value.
Is it possible to combine these queries and get a result with three columns with different names (I need to know the correspondence of each column to the condition)?
↧