Hello! 🙂
I'm trying to get statistics of groups of 200 events.
For instance, I have the following stats:
|stats sum(CPU) avg(resptime) c as "total"
sum(CPU)    avg(resptime)    total
1000        0.00240          800
What I wanted to have is:
sum(CPU)    avg(resptime)    total
120         0.00125          200
300         0.00124          200
480         0.00122          200
100         0.00122          200
OBS. I know how to create bins of time span, but what I need is to make buckets based on event quantity and NOT time.
Thank you in advance!
Like this:
... | streamstats count AS _serial
| eval _bucketOf200 = floor((_serial - 1)/ 200)
| stats sum(CPU) avg(resptime) count AS total BY _bucketOf200
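
Added example, not part of the original answer: the same count-based bucketing run against 650 constructed events from makeresults, so the final bucket is partial (50 events) and each bucket shows the time range it covers. The field names n, serial, bucketOf200, first_event and last_event and the generated CPU and resptime values are constructed for illustration; the sort 0 _time step is there because streamstats numbers events in the order it receives them, and a search returns the newest events first by default.

```spl
| makeresults count=650
| streamstats count AS n
| eval _time = _time - n, CPU = random() % 5, resptime = (random() % 100) / 40000
| sort 0 _time
| streamstats count AS serial
| eval bucketOf200 = floor((serial - 1) / 200)
| stats sum(CPU) avg(resptime) min(_time) AS first_event max(_time) AS last_event count AS total BY bucketOf200
| fieldformat first_event = strftime(first_event, "%F %T")
| fieldformat last_event = strftime(last_event, "%F %T")
```

The result has four rows with totals of 200, 200, 200 and 50; without the sort, bucket 0 would hold the 200 most recent events instead of the 200 oldest.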