I am trying to write a search that will give me counts of each value occurrence within an array in JSON.
My truncated JSON that is logged looks like this:
{
"TimestampUtc": "2015-12-14T17:48:22.9603567Z",
"Request": {
"Body": {
"SelectedColumns": [{
"ColumnId": 1004
}, {
"ColumnId": 1000
}, {
"ColumnId": 1003
}, {
"ColumnId": 1107
}, {
"ColumnId": 1101
}]
}
},
"Metrics": {
"ResponseTime": 199
}
}
I need to show a table of ColumnIdValue Count where ColumnIdValue is the value of ColumnId, and Count is the number of times that value appears in the JSON events.
I'm not sure how to go about this. Does mvexpand help here?
I'd also like to then write a second search which will show the average ResponseTime by ColumnIdValue.
Thanks
... View more