hello
i have this query :
index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messages-dhcpd-lpf-eth0-listening" OR eventtype="csm-messages-dhcpd-send-socket-fallback-net" OR eventtype="csm-messages-dhcpd-write-zero-leases" OR eventtype="csm-messages-dhcpd-eth1-nosubnet-declared"
| stats count list(eventtype) by _time
the result im getting is :
> _time count list(eventtype) 2019-08-05> 10:24:23 5 > csm-messages-dhcpd-send-socket-fallback-net> csm-messages-dhcpd-lpf-eth0-sending> csm-messages-dhcpd-lpf-eth0-listening> csm-messages-dhcpd-eth1-nosubnet-declared> csm-messages-dhcpd-write-zero-leases
what should i change in my query so i will see the count for each raw ?
thanks
↧