Hi,
I have an interface where user can search based on various criteria like email phone number , order number etc. I am logging the string user is searching now i have to find the count for different type of searches. I am using below query to search.
index=abc_core sourcetype=ABC_svc_log "SERVICE_NAME=MY_SERVICE" "OPERATION=SEARCH" SEARCH_CRITERIA USER_ID|stats count(SEARCH_CRITERIA) as Total_search, count(eval(SEARCH_CRITERIA like "%@%.%")) as email_Search, count(eval(isInt(SEARCH_CRITERIA))) as Phone_Number_Search, count(eval(SEARCH_CRITERIA like "W%")) as Weborder_Search, count(eval(SEARCH_CRITERIA like "SC%")) as SavedCart_Search by USER_ID | eval Name_Search= Total_search-(Weborder_Search+ SavedCart_Search+ email_Search+ Phone_Number_Search)
While I am searching for any count, I am using like above with eval, but this is not correct and one event can belong to multiple types of searches with this. If order starts with W and a name also starts with W, then they both will count the occurrences. I have a specific pattern for order (W12344566) and cart (SC1234567) and I need to know how can I achieve this.
Any help is highly appreciated.
Thanks,
Gaurav
... View more