Assume each event includes 2 fields: `path` and `duration` among other fields.
`Path` can have values: (i) type1 = `/x/y/`, (ii) type2 = `x/y/\d+` , eg. `/x/y/1234`, (iii) type3= `z/t/`, (iv) anything else.
How can I calculate the avg(duration) per type of `path`, only consider `type1`, `type2`, and `type3`, the rest is not interested?
| spath path | .... some how group the paths into different groups using regex ... | stats avg(duration) by path
I could do
... | regex path="/x/y(/\d+)?|/z/t/" | stats avg(duration) by path
but the problem is that `/x/y/1234` will be treated differently from `/x/y/2345` while I want to group all of them into `type2`.
↧