I am trying to use the transaction command to get duration between two events
In case there are no such events, I would like the search to return 0 instead of "no results found".
This following command isn't working:
index=main host="xyz"
| transaction startswith="keyword1" endswith="keyword2"
| eval spent_time = duration
| stats sum(spent_time) as total_spent_time
| table total_spent_time
| fillnull value=NULL
↧
How to get my transaction search to return "0" instead of "no results found" if no events are found?
↧