What i am trying to accomplish is the following;
I have 3 search queries. The first one displays a single value that gives me the sum of messages that a service of us recieved and accepted on the service adapter.
I also have a query that sums up the messages that got rejected on the service adapter.
My third query shows the value of the messages that have been recieved on a different service adapter.
Is it possible to create a panel in wich i can check if the first and second query combined have the same value als the last query?
I tried to combine the queries with a append of multisearch but i cannot seem to get the result I want.
first query:
index=foo sourcetype="foo:bw" barAdapter Operation=foo | stats distinct_count(ConversationID) as Total1
second query:
index=foo sourcetype="foo:bw" "barAdapter" Operation=foo FromParty=xxx | stats count as Total2
third query:
index=foo sourcetype="foo:bw" "Publishing to endpoint Queue" Operation=foo | stats count as Total3
Thank you in advance for any help.
↧