Hi All, Currently I have below query which works fine for pie-chart for 3 different data , which is working fine.
"*test-path*" | bucket span=1d _time | rename test-path as path | eval result=case((path == "/test/orders"), "Order Data" , (path == "/test-data/orders"), "test order" , (path == "/test2-data2/orders/"), "Test data") | chart count by result | eval result = count + " " + result | fields result, count
but i want to extend it by adding 1 more search "test data for order - path" which is coming in the message key, I have tried below but not working:
"*test-path*" | bucket span=1d _time | rename test-path as path | **rename message as msg** | eval result=case((path == "/test/orders"), "Order Data" , (path == "/test-data/orders"), "test order" , (path == "/test2-data2/orders/"), "Test data" , (**msg == "*test data for order - path***"), "test data order") | chart count by result | eval result = count + " " + result | fields result, count
Can anyone plz help.
... View more