Solved: compare no. of events with a specific value, to th...

andyk · ‎04-14-2011

I have events that looks something like this:

merchant_id=5755757 status_id=22 amount=300

Now I want to compare the number of events from one specific merchant to the number of events from all the other merchants in a stacked bar diagram split by "specific merchant" / "other merchants". How can I do this?

The diagram should show the last 30 days, with one bar per day.

Ayn · ‎04-14-2011

You could achieve this using eval to split up merchants across either your specific merchant or other merchants.

<yourbasesearch>
 | eval merchant_type=if(merchant_id==5755757,"Current merchant","Other merchants")
 | timechart span=1d count by merchant_type

View solution in original post

Ayn · ‎04-14-2011

You could achieve this using eval to split up merchants across either your specific merchant or other merchants.

<yourbasesearch>
 | eval merchant_type=if(merchant_id==5755757,"Current merchant","Other merchants")
 | timechart span=1d count by merchant_type

andyk · ‎04-18-2011

Works perfect, thanks!

compare no. of events with a specific value, to the no. events with other values

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...