I have written this query to take results as how many successfully signed in and failed to signin.
Now I need a data for failure_rate where signin failed/signin successful gives the data. However, I couldn't able to execute the results for Failure_rate. Can anyone assist me on logic.
note: failure_rate can be obtain by dividing signin failed/ signin successful
| json field=_raw "message"
| where message in ("signin successful", "signin failed")
| timeslice 1h
| sort by _count
| count by message
Please sign in to leave a comment.