I have thousands of log files that look like this
[27/Oct/2016:20:08:57 --0700] WBLBSdFyTFYAAHPuH1kAAAAM
Content-length: 0
The logs contain a: timestamp, unique request id, and length of the content. I want to make a line chart that shows the content-length on the y-axis and the request on the x-axis so you can see over a span of time, what were all the content-lengths received. I first tried to count the lengths with this search:
"Content-length: " | rex (?<length>\d+) | stats count(length)
In English, I'm trying to say "you have 5 requests with a content length of 0, 10 requests with a content length of 5, etc etc". What am I doing wrong?
... View more