I have data on the mail-sending activities of 1000s of customers and need to find the top 10 mail-sending customers for every 10 minutes for the customer data of the past 1 month. I need to create a stacked chart of the same. Any suggestions on how this could be done? For the past 24 hours, the top customers have been found as follows:
index=campaign_prod sourcetype=witness_stat_log virtualization=* earliest=-1d
| dedup host
| table host customer_name
| join type=outer host [ search
index=campaign_prod sourcetype=mtachild_log message_type=info "sent"
| stats count as email_count by host
]
| fillnull value=0 email_count
| stats sum(email_count) as mail_count by customer_name
| sort 0 -mail_count
| head 20
Hi AshimaE,
Try something like this:
index=campaign_prod sourcetype=witness_stat_log virtualization=* earliest=-1d
| dedup host
| join type=outer host [ search
index=campaign_prod sourcetype=mtachild_log message_type=info "sent"
| stats count as email_count by host
]
| fillnull value=0 email_count
| bin span=10m _time
| stats sum(email_count) as mail_count by customer_name, _time
| sort 0 -mail_count
| head 20
Bye.
Giuseppe
But this will give the top 20 overall while I want the top 10 or 20 for each timespan of the 1 month period.
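
Added example, not part of any post above: one way to get a top 10 per 10-minute bucket is to count the "sent" events per host in 10-minute bins first, map hosts to customers, and then rank customers inside each bin with `streamstats` instead of applying a global `head`. It assumes that the host-to-customer mapping taken from the last day of witness_stat_log holds for the whole month and that `_time` on the mtachild_log events is the send time; `rank` is a field name chosen here.

```spl
index=campaign_prod sourcetype=mtachild_log message_type=info "sent" earliest=-1mon
| bin span=10m _time
| stats count as email_count by _time, host
| join type=left host
    [ search index=campaign_prod sourcetype=witness_stat_log virtualization=* earliest=-1d
      | dedup host
      | fields host customer_name ]
| stats sum(email_count) as mail_count by _time, customer_name
| sort 0 _time, -mail_count
| streamstats count as rank by _time
| where rank <= 10
| xyseries _time customer_name mail_count
```

Render the result as a stacked column chart. Because the top-10 set changes from bin to bin, the number of series in the chart can be well above 10.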