I need to create a graph that will have date on the x axis and "successfully_processed" and "failed_to_process" on y axis group by "release".
This is my example:
|makeresults
| eval raw="100, 2, typeA, 2022-05-25T19:53:51.000-07:00|110, 3, typeA, 2022-05-26T19:53:51.000-08:00|150, 1, typeB, 2022-05-25T19:53:51.000-08:00"
| makemv raw delim="::"
| mvexpand raw
| fields - _time
| streamstats count AS _serial
| makemv raw delim="|"
| mvexpand raw
| rex field=raw "^(?<success>[^,]+),(?<fail>[^,]+),(?<release>[^,]+),(?<_time>[^,]+)$"
| fields - raw
| stats values(success) as Successfully_processed values(fail) as Failed_to_process by release
When I group them by release I can't figure out how to get the date as well. I need every log "successfully_processed" and "failed_to_process" to be shown per day grouped by "release".
Can anyone help please? Thank you
Try the chart command.
| makeresults
| eval raw="100, 2, typeA, 2022-05-25T19:53:51.000-07:00|110, 3, typeA, 2022-05-26T19:53:51.000-08:00|150, 1, typeB, 2022-05-25T19:53:51.000-08:00"
| makemv raw delim="::"
| mvexpand raw
| streamstats count AS _serial
| makemv raw delim="|"
| mvexpand raw
| rex field=raw "^(?<success>[^,]+),(?<failure>[^,]+),(?<release>[^,]+),(?<_time>[^,]+)$"
| fields - raw
| chart values(success) as success, values(failure) as failure over _time by release
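An added example, not part of the original question or answer: one way to get per-day buckets from the same sample data is to convert the extracted timestamp to epoch time and bin it before charting. The field name `ts` and the choice of `sum()` as the daily aggregate are assumptions made for this illustration.

```spl
| makeresults
| eval raw="100, 2, typeA, 2022-05-25T19:53:51.000-07:00|110, 3, typeA, 2022-05-26T19:53:51.000-08:00|150, 1, typeB, 2022-05-25T19:53:51.000-08:00"
``` split the constructed sample into one event per record ```
| makemv raw delim="|"
| mvexpand raw
``` \s* drops the space after each comma so values are not stored with leading whitespace ```
| rex field=raw "^\s*(?<success>\d+),\s*(?<failure>\d+),\s*(?<release>[^,]+),\s*(?<ts>\S+)\s*$"
``` ts is a hypothetical helper field: parse the ISO 8601 string into epoch seconds ```
| eval _time=strptime(ts, "%Y-%m-%dT%H:%M:%S.%3N%:z")
``` snap every event to the start of its day ```
| bin _time span=1d
``` one row per day, one column per metric and release ```
| chart sum(success) AS success sum(failure) AS failure over _time by release
```

Day boundaries follow the time zone of the user running the search, so an event logged late in the evening at -07:00 can fall into a different day bucket than its raw timestamp suggests.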