搜索1:
app =“ atlas” source =“ / usr / local / homeaway / atlas-production / logs / *” index =“ aws_prod_applogs” titan |按date_mday统计平均值(* responseTime)
搜索2
app =“ atlas” source =“ / usr / local / homeaway / atlas-production / logs / *” index =“ aws_prod_applogs” titan statusCode = 200 |按date_mday统计avg(* responseTime)
如何加入2个不同的搜索查询?
答案 0 :(得分:0)
尝试一下:
app="atlas" source="/usr/local/homeaway/atlas-production/logs/*" index="aws_prod_applogs" titan
| eval result=if(statusCode=200, "Success", "Failure")
| stats avg(*responseTime) by result, date_mday