Count Number of Events By Host

Follow
Avatar
garland ka

I want to create a time series chart to simply plot the number of events SumoLogic is ingesting by a host.  The x axis should be time and the y axis should be the number of events.  There would be a line for each hosts.

I have parsed out the host as "aHost".  Not really sure how to plot it across time.

_sourceCategory=prod-upcode

| parse regex "^\w+\s+\d+\s\d+:\d+:\d+\s(?<aHost>\w+-\w+-\w+-\w+-\w+)"

| timeslice by 5m

|  count_distinct(_raw) by aHost

 

 

 

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Raghu Murthy

    Hi Garland,

    You would need to use the transpose operator to specify the row to be time and column as number of events by hosts.

    http://help.sumologic.com/Help/Default.htm#Transpose_Operator.htm

    Your query would be like this

    _sourceCategory=prod-upcode 

    | parse regex "^\w+\s+\d+\s\d+:\d+:\d+\s(?<aHost>\w+-\w+-\w+-\w+-\w+)"

    | timeslice by 5m

    | count_distinct(_raw) by _timeslice, aHost

    | transpose row _timeslice column aHost

    Hope this helps

    thanks

    Raghu 

     

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post