Hi
I have this search in my dashboard and i want create a token filter for search the result of the field "sucursal_id"
host="iperf01app" NOT sourcetype=log-4 status="error" OR ("SUM" AND sentido="*") | rex field=source "(?[\d]+).txt"
| eval sucursal_id=case(sucursal_id > "999000" AND sucursal < "999999" , (sucursal_id - 999000), sucursal_id > "9999000" AND sucursal < "9999999" , (sucursal_id - 9999000), sucursal_id > "99999000" AND sucursal < "99999999" , (sucursal_id - 99999000), sucursal_id < 9999, sucursal_id)
| eval velocidad=if(status == "error" , "0", velocidad) | eval vel_bajada=case(sentido = "receiver" OR velocidad = 0, velocidad/1000) | eval vel_subida=case(sentido = "sender" OR velocidad = 0, velocidad/1000) | stats avg(vel_subida) as "Velocidad Subida", avg(vel_bajada) as "Velocidad Bajada" by sucursal_id |
regards
... View more