Question

我的日志中有类似

的事件

{
     linesPerSec:    1694.67    
     message:    Status:    
     rowCount:   35600000   
     severity:   info
}

当我进行类似搜索时

index="apps"  app="my-api" message="*Status:*" | table  _time,  linesPerSec, rowCount

这就是我的桌子最终的样子

如何为linePerSec和rowCount的键获取数字值？我想查看所有实例。我尝试使用values（linesPerSec），但这似乎只聚合了唯一的。

谢谢

内特

Answer 1

这是您完整的查询吗？您提到使用ngOnInit(): void { var hId: Number; this.route.paramMap.subscribe(params => { console.log( + params.get('id')); hId = params.get('id'); }); console.log( hId); this.route.params .switchMap((params: Params) => this.heroService.getHero(+params.get('id'))) }，但搜索中没有minimax(board, currentTurn, depth, players) { var lastTurn = previousPlayer(players, currentTurn); var nextTurn = nextPlayer(players, currentTurn); //check win if (board.win(lastTurn)) { if (lastTurn == this.id) return { value: 20 + depth }; return { value: -20 + depth }; } if (!board.canPlay()) return { value: 0 }; //tie if (depth == 0) return { value: 0 }; //out of think var result = { value: 0, move: 0 }; if (currentTurn == this.id) result.value = -1e8; else result.value = 1e8; for (var i = 0; i < board.size ** 2; i++) { if (board.cells[i].mark != "") continue; board.move(players[currentTurn], i); var temp = this.minimax(board, nextTurn, depth - 1, players); if (currentTurn == this.id) { if (temp.value > result.value) result = { value: temp.value, move: i }; if (temp.value == result.value && Math.random() > 0.5) result = { value: temp.value, move: i }; } else { if (temp.value < result.value) result = { value: temp.value, move: i }; if (temp.value == result.value && Math.random() > 0.5) result = { value: temp.value, move: i }; } board.unMove(i); } return result; }命令。顺便说一句，values()显示唯一值；使用stats查看所有内容。

您也许可以使用values()来获取数字，但是我认为list()会更好。尝试此搜索：

extract

Answer 2

可以在以下位置找到带有答案的答案：https://answers.splunk.com/answers/756524/extracting-values-for-table.html

Splunk：提取表的值

2 个答案: