rangemap

It's a pretty popular search command and it is used in all sorts of situations. Below are some really cool searches that use rangemap along with other search commands.

Chart HTTP Status Category % by URL

index=* sourcetype=access* status=* | rex field=bc_uri "/(?<route>[^/]*)/" | rangemap field=status code_100=100-199 code_200=200-299 code_300=300-399 code_400=400-499 code_500=500-599 | rename range as stcat | stats count as sct by route, stcat |  eventstats sum(sct) as ttl by route | eval pct = round((sct/ttl), 2)."%" | xyseries route stcat pct

purpose:

creates a table where the rows are URL values, the columns are HTTP status categories and the cells are the percentage for that status / url combination

requirements:

comments: