Solved: Splitting table columns into timespan values

Matthias_BY · ‎04-03-2013

Hi,

i want to have a report which shows me volume per month based on access_combined logs.

source="/var/log/httpd/access_log" | stats sum(bytes) as "TOTALBytes" by clientip date_month

what i get is one row for each month:

CLIENTIP MONTH VOLUME
172.0.0.1 April 123
172.0.0.1 March 321
172.0.0.1 Feb 654
172.0.0.2 April 123
172.0.0.2 March 432

i want to compare over time in a table them per clientip as there are only a few like:

CLIENTIP Volume_JAN Volume_Feb Volume_March Volume_April
172.0.0.1 123 456 789 123
172.0.0.2 321 654 0 321
....

and so on... how can i achieve this, of course i don't want to edit in may the table, it should be automatically added

thanks a lot
Matthias

Ayn · ‎04-03-2013

You could use chart instead. It will create a matrix rather than a list.

... | chart sum(bytes) as "TOTALBytes" by clientip,date_month

Ayn · ‎04-03-2013

You could use chart instead. It will create a matrix rather than a list.

... | chart sum(bytes) as "TOTALBytes" by clientip,date_month

Matthias_BY · ‎04-03-2013

this solved my question! Thanks a lot

Splitting table columns into timespan values