How to Chart Values in logs, not the number of logs

Follow

Max Donnelly

• September 02, 2016 17:43

I want the # of updates not the # of logs, when I count I just get a graph of 3 results of 1 instead of 3 results of 2, 4, 33

0

• 

  Mario Sanchez

  • September 02, 2016 18:05

  Max, What you need to do is Sum your "a" field which contains your count of updates per message. Your query would look something link this: _sourceCategory=my_logs | parse "* updates are security updates." as a | sum(a) as total_updates Hope this helps. Cheers, Mario

  0

  Comment actions Permalink

Please sign in to leave a comment.