Assume each event includes 2 fields: path and duration among other fields.
Path can have values: (i) type1 = /x/y/, (ii) type2 = x/y/\d+, e.g. /x/y/1234, (iii) type3 = z/t/, (iv) anything else.
How can I calculate the avg(duration) per type of path, only considering type1, type2, and type3? The rest is not of interest.
| spath path | .... some how group the paths into different groups using regex ... | stats avg(duration) by path
I could do
... | regex path="/x/y(/\d+)?|/z/t/" | stats avg(duration) by path
but the problem is that /x/y/1234 will be treated differently from /x/y/2345 while I want to group all of them into type2.
Hello,
I would do something like that:
- creation of a temporary variable type_path which takes a different value according to the value of Path
| eval type_path = case(match(path, "\/x\/y\/\d+"), "path_type2", match(path, "\/x\/y\/"), "path_type1", match(path, "\/z\/t\/"), "path_type3") | stats avg(duration) by type_path
regards
Above can be applied after your regex filter.
Yes, I think that works. Thanks @clorne.
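A self-contained search for checking the grouping from this thread, added here as an example and not part of the original posts. The five events in the constructed_sample field are made up, and the ^ and $ anchors assume path holds exactly the values listed in the question. case() returns the first branch that matches and NULL when none does, so the more specific \d+ pattern comes first and events with a NULL type_path drop out of the stats grouping.

```spl
| makeresults
| eval constructed_sample="/x/y/,10;/x/y/1234,20;/x/y/2345,40;/z/t/,5;/other/,99"
| makemv delim=";" constructed_sample
| mvexpand constructed_sample
| eval path=mvindex(split(constructed_sample, ","), 0)
| eval duration=tonumber(mvindex(split(constructed_sample, ","), 1))
| eval type_path=case(
    match(path, "^/x/y/\d+$"), "type2",
    match(path, "^/x/y/$"), "type1",
    match(path, "^/z/t/$"), "type3")
| stats avg(duration) by type_path
```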