Hi everyone, I've got a sample log that looks like
[2013-06-03 11:35:42:66 EDT] RESPONSES 200=17 503=5 401=2
. The 200, 503, and 401 are http responses, and I'd like to make a timechart that sums them over time. Additionally, it won't always be 200, 503, and 401 - the next log could ouput just RESPONSES 200=24
or RESPONSES 404=21 503=3 400=2
How would I plot all these sums in a timechart?
Try this
... | table _time 1* 2* 3* 4* 5* 6* | untable _time http_response counts | timechart span=1h sum(counts) as counts by http_response
Hi, try something like this:
eval count_200=if(200=17,1,0) | eval count_503=if(503=5,1,0) | eval count_401=if(401=2,1,0)
and then:
timechart sum(count*)
I want a stacked column graph, with each response code grouped. So no, a 400 is different than a 401 and a 404
Would you like to group all 40x, 50x, 30x response codes together for charting or a line for each response code? It also look like your colums are dynamic, is this true?