|
problem with creating summary index these are the different types of search values i tried for sumamry-index test3. index=level3 | eval volumegb=VOLumeBytes/(102410241024) index=level3 | eval volumegb=VOLumeBytes/(102410241024) | timechart sum(volumegb) index=level3 | eval volumegb=VOLumeBytes/(102410241024) | sistats sum(volumegb) index=level3 | eval volumegb=VOLumeBytes/(102410241024) | streamstats sum(volumegb) index=level3 | eval volumegb=VOLumeBytes/(102410241024) | timechart sum(volumegb) span=1min but when i search from the summary index test3 index=test3 | timechart sum(volumegb) span=1min I am not getting the caluclated values. it is caluclating again in sistats case. in other cases i am not finding any values for volumegb in the data chart. or please forget everything and let me know how to create summary index for a log like 2011-09-29 06:47:53.983 y "GET /prod_content/dp20110428145216/04/dp20110428145216_04_1437.ts HTTP/1.1" 14.10.172.446 2058629 b00001000003 444934 2896 206 "-" "-" "-" 392 where 444934 is the volume in bytes. and i need to show data volume in gb served per unit time for past 2 hrs, 24hrs, 7 days, 30day. i am able to caluclate it using the search command index=level3 | eval volumegb=VOLumeBytes/(102410241024) | timechart sum(volumegb) span=1hr (for 24 hrs timeperiod unit time hrs) but i am unable to get it from summary index. Thanks |
Refine your search:
- Apps & Questions
- Apps
- Questions
- Users
- Tags
Markdown Basics
- *italic* or _italic_
- **bold** or __bold__
- link:[text](http://url.com/ "Title")
- image?
- numbered list: 1. Foo 2. Bar
- to add a line break simply add two spaces to where you would like the new line to be.
- basic HTML tags are also supported
Tags:
Asked: 29 Sep '11, 05:51
Seen: 829 times
Last updated: 29 Sep '11, 05:53