sourcetype=abc "responseStatus=500" "abc.xyz.logging.yyyy.zzzzz" "cccccccccccccc88888883333hhhh" | rex field=_raw "\"customerBilledAmount\" : (?<userBilledAmount>.*?)," | rex field=_raw "\"resultID\" : (?<resultID>.*?)," | rex field=_raw "\"customerID\" : (?<customerID>.*?)," | dedup resultID | table userBilledAmount resultID customerID
Now I need to achieve:
- exclude all null
- add up all userBilledAmount
- exclude all null from userBilledAmount only