Team,
I have a summary index that looks like this:
<search string> | sistats count by UserAgent
I also have a collection of event types that group various UserAgents, such that:
[ua_iPhone]
UserAgent="iPhone"
[ua_iPad]
UserAgent="iPad"
I'd like to query the si and end up with a list of top user agents, sort of like:
index="summary" search_name="si_useragent" | stats count by UserAgent | eval eventtype=mvfilter(match(eventtype, "ua\_.*")) | top eventtype
Is this possible? Advisable?
Thanks,
-S.
... View more