I have a program which is logging events after every 1 hour. Which means the job runs after every 1 hour.
With every run it generates an UniqueID and it stays through out the same until the program gets terminated for that hour's run. The program logs FileName with it. To discriminate the start and stop of the program, it logs status as Status=START and Status=END . Status is the field-name. So for example below are the two sample runs.
index=prg, _time=2:00, UniqueID=ID1, Status=START, Message="Program starts"
index=prg, _time=2:01, UniqueID=ID1, FileName=F1, Status=DEBUG, Message="File logged"
index=prg, _time=2:02, UniqueID=ID1, FileName=F2, Status=DEBUG, Message="File logged"
index=prg, _time=2:03, UniqueID=ID1, FileName=F3, Status=DEBUG, Message="File logged"
index=prg, _time=2:04, UniqueID=ID1, Status=END, Message="Program ends"
index=prg, _time=3:00, UniqueID=ID2, Status=START, Message="Program starts"
index=prg, _time=3:05, UniqueID=ID2, FileName=F11, Status=DEBUG, Message="File logged"
index=prg, _time=3:07, UniqueID=ID2, FileName=F12, Status=DEBUG, Message="File logged"
index=prg, _time=3:09, UniqueID=ID2, FileName=F13, Status=DEBUG, Message="File logged"
index=prg, _time=3:11, UniqueID=ID2, FileName=F17, Status=DEBUG, Message="File logged"
index=prg, _time=3:22, UniqueID=ID2, Status=END, Message="Program ends"
So with above example we could see ID1 took 4 minutes to end and logged 3 files, whereas ID2 took 22 minutes and logged 4 files. I need this in a graph, where time would be in Y axis and number of files would be in X axis. We want to see the trend... like for how many files what the time graph looks like.
... View more