|
for example, i have the following 7 logs, 2011-DEC-17 slotid="Location-Maps-US-Sunnyvale" delta_msec="1487" seq="3" 2011-DEC-17 slotid="Location-Maps-US-MountainView" delta_msec="1445" seq="2" 2011-DEC-17 slotid="Location-Maps-US-SF" delta_msec="1465" seq="2" 2011-DEC-17 slotid="Location-Store-CA-MountainView" delta_msec="1445" seq="2" 2011-DEC-17 slotid="Location-Store-CA-SF" delta_msec="1245" seq="2" 2011-DEC-17 slotid="Location-Msg-CA-MountainView" delta_msec="1445" seq="2" 2011-DEC-17 slotid="Location-Msg-CA-SF" delta_msec="1245" seq="2" i want to calculate a new field(avg_msec) based on the "slotid" we would like to calculate an average for all logs matching "Location-Maps" we would like to calculate an average for all logs matching "Location-Store" we would like to calculate an average for all logs matching "Location-Msg" Can somebody help write the search string? Thanks! |
|
Hi there, Something along the lines of; this should extract "Maps", "Store" and "Msg" into a new field called ZZZZ, which you subsequently can run ordinary Hope this helps, Kristian |
