Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Synopsis

Executes a custom complex computation on search query results.

Syntax

execute [expression] (as result1, result2)

 

Required Arguments

expression

Syntax: mathematical expression

Description: Performs a mathematical expression on the search results.

Optional Arguments

result1, result2

Syntax: <search string>.

Description: If the results that the executed expression returns are expected to go into more than one column, the names of the columns preceded by as must be placed in parentheses following the expression. 

Description

Executes an expression on each event in the search query. If the returned results go into more than one column, they are entered under the columns whose names appear in parentheses after the expression.

Examples

Example 1: 

* in log.access |  execute if (total == NULL) THEN (total = 0); if (column.bytes\ sent != NULL && column.bytes\ sent != "-") THEN (total = total + column.bytes\ sent);total | group by status | order by value desc 

 

 

 

  • No labels