Works fine when I have values for all rows of each function, but when I don't have a value for any row then the (function) row is not visible. | eval Percent_Available = round((periode-duration_indispo)*100/periode,3)įunction like "%ASC Recorder%", "Enregistrement Téléphonie",įunction like "%OXE WORLDWIDE%", "OXE WORLDWIDE",įunction like "%Proxy%", "Téléphonie Alcatel Mobilité",įunction like "%Environnement Monitor%", "Environnement Monitor",įunction like "%System Management%", "System Management", It allows you to store the resulting value of the eval operation in a field. | stats sum(duration) AS duration_indispo by Function, periode The eval command is perhaps the most advanced and powerful command in SPL. | eval start_time=mvindex(timestamp,0), end_time=mvindex(timestamp,1) I am trying to extract the colon (:) delimited field directly before 'USERS' (2nd field from the end) in the log entries below: 14-07-13 12:54:00.096 STATS: maint.47CMri3.47CMri3.: 224: UC.v1:7:USERS. | transaction ID startswith=(severity=2) maxevents=2 I'd like to be able to extract a numerical field from a delimited log entry, and then create a graph of that number over time. | eval periode=info_max_time-info_min_time Index=index_sqlprod-itrs_toc (severity=2 OR severity=0 OR severity="-1") Only the results for which the evaluation was True are displayed. Can you help me, i have the same probleme with this search : The where command uses eval expressions to filter search results.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |