![]() You can apply a running count to your search results, which is useful when combined with other commands. ![]() The sum of the bytes is reset for both the y and x hosts in the next events. When the reset after clause action="REBOOT" occurs in the 4th event, that event shows the sum for the x host, including the bytes for the REBOOT action. The total_bytes field accumulates a sum of the bytes so far for each host. When you use mstats in a real-time search with a time window, a historical search runs first to backfill the data. ![]() You can use mstats in historical searches and real-time searches. This command performs statistics on the measurement, metricname, and dimension fields in metric indexes. The running total resets each time an event satisfies the action="REBOOT"criteria. Use the mstats command to analyze metrics. The running total appears in the total_bytes field. | streamstats sum(bytes) AS total_bytes BY host reset after action="REBOOT"īecause the value in the action field is a string literal, the value needs to be enclosed in double quotation marks. The generated summary statistics can be used for calculations in subsequent commands in. Only those events that have fields pertinent to the aggregation are used in generating the summary statistics. You can use the reset after argument to accomplish this. Generates summary statistics from fields in your events and saves those statistics in a new field. However, when the system reboots you want the calculation for the total bytes to begin again. Suppose you want to calculate a running total of the bytes for each host.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |