splunk 查询连接每小时的状态代码
splunk query to concatenate status code for every hour
index=abc sourcetype=firststream-* env=* module=API type=Error error_level=fatal serviceName=MyService |bin _time span=1h | stats count by _time,serviceName,httpStatusCode
该小时内的每个 httpStatuscode 都会显示输出。相反,我想连接那个小时的 httpStatusCode 并显示在一个列中。
试试这个。
index=abc sourcetype=firststream-* env=* module=API type=Error error_level=fatal serviceName=MyService
| bin _time span=1h
| stats count values(httpStatusCode) as httpStatusCode by _time, serviceName
| table _time, serviceName, httpStatusCode
index=abc sourcetype=firststream-* env=* module=API type=Error error_level=fatal serviceName=MyService |bin _time span=1h | stats count by _time,serviceName,httpStatusCode
该小时内的每个 httpStatuscode 都会显示输出。相反,我想连接那个小时的 httpStatusCode 并显示在一个列中。
试试这个。
index=abc sourcetype=firststream-* env=* module=API type=Error error_level=fatal serviceName=MyService
| bin _time span=1h
| stats count values(httpStatusCode) as httpStatusCode by _time, serviceName
| table _time, serviceName, httpStatusCode