I am monitoring access logs for various endpoints (which I denote as path), and in each event I have some data including how long the event took. I have one timechart that monitors which endpoints get called the most, and I am trying to create a timechart that will monitor the max transaction times, but only for the most called endpoints.
The first timechart was very easy:
index=... | timechart count by path useother=false usenull=false
The second search has proven more difficult, as this:
index=... | timechart max(transTime) by path useother=false usenull=false
only yields the max transaction times regardless of how often the path is called.
I have tried using top and head to restrict the available paths, but to no avail. Is there a way to force timechart to use only the 10 most common paths?