Hi,
I want to sum an event that arrives from each host(total 3) and then graph it. I could not find the option on how to do it
Thanks in advance for your assistance
If you want to sum a field in the events, we will need more information. However, if you simply want to count the events by host, that's easy. In the examples, I assume that your host names are "abc" "def" and "ghi"...
host=abc OR host=def OR host=ghi
| chart count by host
or, if you want a time chart
host=abc OR host=def OR host=ghi
| timechart count by host
If this doesn't help you, then please post some sample data and give more information.
If you want to sum a field in the events, we will need more information. However, if you simply want to count the events by host, that's easy. In the examples, I assume that your host names are "abc" "def" and "ghi"...
host=abc OR host=def OR host=ghi
| chart count by host
or, if you want a time chart
host=abc OR host=def OR host=ghi
| timechart count by host
If this doesn't help you, then please post some sample data and give more information.
I have changed the timechart to the following and it seems to give me the result I want:
timechart span=10m per_minute(UsersCount)
Thanks
Thanks for the quick reply, the timechart gives me each host in it's own line - how can i sum it into one line?
I used this:
index="short_stats" host="XX_users" OR host="YY_users" OR host="XY_users" earliest=-0d@d latest=+1d@d | timechart span=30m max(UsersCount) by host