I have a number of events, correlated in a transaction by a field called distinct_id. The typical transaction setup is:
type=client
| transaction distinct_id startswith="visit" maxpause=30m
Now, what I want to know is the number of events within the transaction that match some particular search for example, lets say event=='pageView' . The following does accomplish what I want:
type=client
| eval matchesSearch=if(event=="pageView", random(), NULL)
| transaction distinct_id startswith="visit" maxpause=30m
| eval numberMatches=mvcount(matchesSearch)
But it hardly seems like the best way. I'm wondering if there is a better way to do this.
*To be clear, the searches in question are far more complicated than this, just wanted to simplify it for example.
... View more