Hello,
I have several things that come in via different platforms Android (watch, phone, tablet), iOS (Watch, Phone, Tablet), and Web. For counting purposes I just need to know the platform (for now). I was wondering if there was any way possible to group my counts by my replaces.
index =blah source=blah earliest=-16m@m latest=-1m@m
| stats count(eval(Status=0 OR Status=1)) as Now by Platform
| replace
android* with Android,
*Web* with Web,
ip* with iOS,
| table Platform, Now
As of now my results look like:
Platform Now
android 96
android 1
android 1306
iOS 3000
iOS 45
iOS 2
Web 1286
Web 956
What I would like:
Platform Now
Android 1403
iOS 3047
Web 2242
Thanks in advance for any help.
↧