Why can't I make a graph by field value directly?
This works:
index=logs Error_Type="WARN" | timechart count(Error_Type)
This does not
index=logs | timechart count(Error_Type="WARN")
I would like to to this graph two types of error on the same pannel
index=logs | timechart count(Error_Type="WARN"), count(Error_Type="ERROR")
Thanks, that worked perfectly!
Hi fizwit,
this is possible have a look at the documentation of the timechart command (Example 5) you were pretty close there is just an eval missing:
index=logs | timechart count(eval(Error_Type="WARN")) AS WARN, count(eval(Error_Type="ERROR")) AS ERROR
Good luck
Chris