Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

Version 1 Current »

Synopsis

A function that counts the number of search result events based on a query to be executed on the record.

Syntax

countif “[search_query]”

Required Arguments

search_query

Syntax: <character string>

Description: The search query to be executed on the record

Optional Arguments

None

Description

When used following the initial simple search query, returns the number of events resulting from the search. When used iteratively, counts the number of results returned from the complex search preceding the pipe.

Examples

Example 1: 

  * in log.access | countif status=200

 Returns the number of events containing status 200 in log access.

Example 2:

* in log.application | countif message contains error | group by event | order by count desc

Returns the number of each event containing error in the log application in a descending order.

  • No labels