Re: Why does having multiple values for mvlist pro...

gt_dev · ‎12-14-2016

I am still not able to get 2 fields in the mvlist list. Here is my transaction line now:

| transaction visitID mvlist=actionName

I get a nice set of values that groups actions by visitID. However, if I change the above line to:

| transaction visitID mvlist=actionName,event_time

I get a totally different result set that doesn't look anything like the way I want it. Below is my full search:

source="/var/log/logstash/dynatraceqa*" businessTransaction="Real User Page Actions - Copy"
| transaction visitID mvlist=actionName
| table  application, visitID,  event_time, actionName, eventcount
| sort event_time
| addtotals row=f col=t fieldname=Total labelfield=actionName eventcount
| rename event_time as "Start Time", application as "Application", visitID as "Visit ID", actionName as "User Action". eventcount as  "Action Count"

gt_dev · ‎01-04-2017

...continued:

If i use mvlist=true i get the following:

gt_dev · ‎01-04-2017

When i use the following in my transaction line:
| transaction visitID mvlist=actionName
I get the following results:

When i use the following in my transaction line:
| transaction visitID mvlist=actionName, apdex_score

I get the following results:

sundareshr · ‎12-14-2016

What kind of results are you expecting? Try this, without transaction command

source="/var/log/logstash/dynatraceqa*" businessTransaction="Real User Page Actions - Copy" | stats list(actionName) as actions by visitID application _time | eval eventcount=mvcount(actions) | rename ... | table ...

Why does having multiple values for mvlist produce unexpected results for my transaction search?

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!