I have a simple need that I cannot solve. For a generic search of source=whatever filter1 filter2 filterx | I want to see for N number of fields, the top, say, 5 values, by percentage (not count).
For example: Say I am looking at a web storefront and want transaction data. Assuming that all fields are reported 100% of the time, the data I am interested in is, say, the top 5 of the following fields: creditCardBrand, webBrowser, shipToCity, orderHour, and ipAddress. For the last 24 hours, source=transactions successful=True orderStatus=Complete shipped=True |
The results I want need to look something like this:
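| Top | cCardBrand | Percent | webBrowser | Percent | shipToCity | Percent | orderHour | Percent |
|-----|------------|---------|------------|---------|------------|---------|-----------|---------|
| 1 | Visa | 35.00 | MSIE | 42.00 | Austin | 10.00 | 21 | 13.56 |
| 2 | Mastercard | 35.00 | Chrome | 25.23 | Boston | 9.85 | 22 | 13.01 |
| 3 | Discover | 20.00 | FireFox | 19.50 | New York | 9.84 | 18 | 11.78 |
| 4 | Amex | 10.00 | Safari | 13.00 | Miami | 5.54 | 5 | 10.52 |
| 5 | | | Opera | 00.27 | Denver | 3.22 | 20 | 4.45 |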
NOTE: All 4 of these fields appear and report these percentages on the right-hand side as selected fields. I am merely trying to select some of the fields and report back the top 5 values (percentages) of each. Calculating percents takes a while, so this is fine to be scheduled to run overnight.