我想画一个splunk图表,我在我的日志中有以下字符串:
"Request id: 552"
"Request id: 223"
"Request id: 365"
"Request id: 552"
"Request id: 552"
"Request id: 223"
我想创建一个图表,其中x轴值作为请求id (552,223,365), y轴值作为这些请求id的出现次数。什么样的搜索查询会起作用?
尝试这个查询,在主搜索和子搜索中填写索引详细信息假设字段名为log,
index=... | append[search index=... | eval req_id=ltrim(log,"Request id: ")]
| stats count(log) as req_id_count by req_id | table req_id,req_id_count