Solved: search help - stats of a count by that field... bu...

hiddenkirby · ‎04-27-2011

i need some search help...

index=myindex | somefilter | stats count(field) by field

gives me close to what i want...

but i want the counts of that field between certain defined ranges... like count(field) > 50 and < 500 or something.

Any thoughts? I expect it's easy 😕

TIA,
Kirby

RicoSuave · ‎04-27-2011

I think the only way you are going to be able to group results in that way is by using the rangemap command.

index=myindex | somefilter | stats count(field) by field | rangemap field=yourfield Great=1-200 Good=201-400 Acceptable=401-600 default=Slow

or maybe this

index=myindex | somefilter | rangemap field=yourfield Great=1-200 Good=201-400 Acceptable=401-600 default=Slow | stats count(field) by field

You can adjust the ranges to your liking. Let me know if this works.

bojanz · ‎04-27-2011

Kirby,

Do you just want to display results that are between these two values (so the counted number, not the field)? This should help:

index=myindex | somefilter | stats count(field) AS num by field | where num > 50 AND num < 500

Or you want to count fields that have values between 50 and 100?

index=myindex | somefilter | where field > 50 AND field < 500 | stats count(field) by field

RicoSuave · ‎04-27-2011

I think the only way you are going to be able to group results in that way is by using the rangemap command.

index=myindex | somefilter | stats count(field) by field | rangemap field=yourfield Great=1-200 Good=201-400 Acceptable=401-600 default=Slow

or maybe this

index=myindex | somefilter | rangemap field=yourfield Great=1-200 Good=201-400 Acceptable=401-600 default=Slow | stats count(field) by field

You can adjust the ranges to your liking. Let me know if this works.

search help - stats of a count by that field... but in band ranges?