Sample set of logs with fieldnames (time, name, and status) from one index=test
1. name=X1 status=FAIL time=7am
2. name=X1 status=FAIL time=7:01am
3. name=X1 status=SUCCESS time=7:02am
4. name=X2 status=SUCCESS time=8am
5. name=X3 status=FAIL time=9am
6. name=X3 status=FAIL time=9:01am
current query:
index=test | stats count as tryCount by name, status
| chart count(status) by tryCount, status
Question 1: Count name of tries by status (success, fail, fail+success). Query above isn't exactly accurate because it's ignoring the category that has both fail+success.
Expected result:
name success fail fail+success
X1 1
X2 1
X3 1
Question 2: How do I populate statistics listing all the name where both status=FAIL and status=Success exist?
Expected result:
name statusList
X1 FAIL - 7am, FAIL - 7:01am, SUCCESS - 7:02am
Question 3, how do I show list of status for this scenario with row showing name and column showing by _time?
Expected result:
name failList successList
X1 7am, 7:01am 7:02am
X2 8am
↧