Database Reference
In-Depth Information
Combining stats with eval
Now we will try an example using stats and eval commands. Here, we want to look for the
counts of how a web page was accessed, whether by using
GET
or
POST
.
We enter the following into the search box:
sourcetype=access_* | stats count(eval(method="GET")) as
GET, count(eval(method="POST")) as POST by categoryId
Note
Be very careful here to use the exact capitalization for the field categoryId.
Here we are requesting all events that indicate a web page was accessed. Then we count up
the number of results that used the
GET
and
POST
method, and then display those results
based on
categoryId
of
products
, as shown in the following screenshot:
Determining Counts for "GET" and "POST" by CategoryId