按 "release" 和 "time" 分组的 Splunk 图形数据
Splunk graph data grouped by "release" and "time"
我需要创建一个图表,在 x 轴上显示日期,在 y 轴上按“发布”分组显示“successfully_processed”和“failed_to_process”。
这是我的例子:
|makeresults
| eval raw="100, 2, typeA, 2022-05-25T19:53:51.000-07:00|110, 3, typeA, 2022-05-26T19:53:51.000-08:00|150, 1, typeB, 2022-05-25T19:53:51.000-08:00"
| makemv raw delim="::"
| mvexpand raw
| fields - _time
| streamstats count AS _serial
| makemv raw delim="|"
| mvexpand raw
| rex field=raw "^(?<success>[^,]+),(?<fail>[^,]+),(?<release>[^,]+),(?<_time>[^,]+)$"
| fields - raw
| stats values(success) as Successfully_processed values(fail) as Failed_to_process by release
当我按版本对它们进行分组时,我也不知道如何获取日期。我需要每天按“发布”分组显示每个日志“successfully_processed”和“failed_to_process”。
有人可以帮忙吗?谢谢
尝试 chart
命令。
| makeresults
| eval raw="100, 2, typeA, 2022-05-25T19:53:51.000-07:00|110, 3, typeA, 2022-05-26T19:53:51.000-08:00|150, 1, typeB, 2022-05-25T19:53:51.000-08:00"
| makemv raw delim="::"
| mvexpand raw
| streamstats count AS _serial
| makemv raw delim="|"
| mvexpand raw
| rex field=raw "^(?<success>[^,]+),(?<failure>[^,]+),(?<release>[^,]+),(?<_time>[^,]+)$"
| fields - raw
| chart values(success) as success, values(failure) as failure over _time by release
我需要创建一个图表,在 x 轴上显示日期,在 y 轴上按“发布”分组显示“successfully_processed”和“failed_to_process”。
这是我的例子:
|makeresults
| eval raw="100, 2, typeA, 2022-05-25T19:53:51.000-07:00|110, 3, typeA, 2022-05-26T19:53:51.000-08:00|150, 1, typeB, 2022-05-25T19:53:51.000-08:00"
| makemv raw delim="::"
| mvexpand raw
| fields - _time
| streamstats count AS _serial
| makemv raw delim="|"
| mvexpand raw
| rex field=raw "^(?<success>[^,]+),(?<fail>[^,]+),(?<release>[^,]+),(?<_time>[^,]+)$"
| fields - raw
| stats values(success) as Successfully_processed values(fail) as Failed_to_process by release
当我按版本对它们进行分组时,我也不知道如何获取日期。我需要每天按“发布”分组显示每个日志“successfully_processed”和“failed_to_process”。
有人可以帮忙吗?谢谢
尝试 chart
命令。
| makeresults
| eval raw="100, 2, typeA, 2022-05-25T19:53:51.000-07:00|110, 3, typeA, 2022-05-26T19:53:51.000-08:00|150, 1, typeB, 2022-05-25T19:53:51.000-08:00"
| makemv raw delim="::"
| mvexpand raw
| streamstats count AS _serial
| makemv raw delim="|"
| mvexpand raw
| rex field=raw "^(?<success>[^,]+),(?<failure>[^,]+),(?<release>[^,]+),(?<_time>[^,]+)$"
| fields - raw
| chart values(success) as success, values(failure) as failure over _time by release