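Sum of two aggregates in a search query (sumo logic aggregate)

What I am trying to achieve is to show the sum of the two aggregate fields, sum(DiscoverCountOld) as VisitsDiscoveredOld and sum(DiscoverCount) as VisitsDiscovered, as a new column instead of these two fields.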

    _source="src" and _collector="collector"
    | parse regex "Finished cataloging (?<DiscoverCountOld>\d+) visits for state " nodrop
    | parse regex "Finished cataloging visits: Visit count: (?<DiscoverCount>\d+)" nodrop
    | parse regex "Finished submitting (?<SubmitCount>\d+) visits for state CO" nodrop
    | parse regex "Finished updating status for (?<UpdateCount>\d+) visits for state CO"
    | fields DiscoverCountOld,DiscoverCount,SubmitCount,UpdateCount
    | timeslice 1d
    | sum(DiscoverCountOld) as VisitsDiscoveredOld,sum(DiscoverCount) as VisitsDiscovered, sum(SubmitCount) as VisitsSubmitted, sum(UpdateCount) as VisitsUpdated group by _timeslice
    | fillmissing timeslice(1d)
    | sort by _timeslice asc

Here is the answer that was found:

    _source="_source" and _collector="-collector"
    | parse regex "Finished cataloging (?<DiscoverCountOld>\d+) visits for state " nodrop
    | parse regex "Finished cataloging visits: Visit count: (?<DiscoverCount>\d+)" nodrop
    | parse regex "Finished submitting (?<SubmitCount>\d+) visits for state CO" nodrop
    | parse regex "Finished updating status for (?<UpdateCount>\d+) visits for state CO"
    | timeslice 1d
    | sum(DiscoverCountOld) as VisitsDiscoveredOld,sum(DiscoverCount) as VisitsDiscoveredNew, sum(SubmitCount) as VisitsSubmitted, sum(UpdateCount) as VisitsUpdated group by _timeslice
    | VisitsDiscoveredOld+VisitsDiscoveredNew as VisitsDiscovered
    | fields _timeslice,VisitsDiscovered,VisitsSubmitted,VisitsUpdated
    | fillmissing timeslice(1d)
    | sort by _timeslice asc
