There are multiple fields like
time number description severity status restore_duration
I want to take total count , count when status has true value , values of restore_duration when severity is 1.
I am trying with stats command like below, but for 3rd requirement its not working
| stats count as total_count count(eval(status="true")) as status_count values(eval(if(severity="1",restore_duration,null))) as duration
Please suggest, how to achieve when severity=1, then get the values of restore_duration using same stats.
After taking values from restore_duration , i have to calculate average of duration also.
↧