I have a base search and there are multiple events that I can find depending on some set of substrings. Let's say A, B, C.
I just want to get the counts of these events and calculate a single result from them. This is what I got so far...
basesearch | stats count(eval(searchmatch("A should contain"))) as successA,
stats count(eval(searchmatch("B should contain"))) as failureB,
stats count(eval(searchmatch("C should contain"))) as failureC,
| eval overall = successA - failureB - failureC
| stats count by overall
....needless to say, it does not work. Any simple ideas out there?
It's a very simple and basic question but I cannot find any entry or valid answer. I appreciate any help.
Thanks
Tunch