I am evaluating Sumo Logic as an alternative to Splunk and have a question regarding graphing search results. How can you stack two search results on top of each other in a graph? I would like to create a bar chart with two search results / or parameters on top of each other. I haven't found any clear documentation regarding this in the manual. The following does not work:
(Example1, graph by log level the following:) Timing | keyvalue "Name","Level" | group by name count by level
(Example2: graph all logs by loglevel) Level=warn, Level=error, Level=info | timeslice by 1h | count by _timeslice