Synopsis

A function that counts the number of search result events based on a query to be executed on the record.

Syntax

^{countif “[search_query]”}

Required Arguments

search_query

Syntax: <character string>

Description: The search query to be executed on the record

Optional Arguments

None

Description

When used following the initial simple search query, returns the number of events resulting from the search. When used iteratively, counts the number of results returned from the complex search preceding the pipe.

Examples

Example 1: 

  ^{* in log.access | countif status=200}

 Returns the number of events containing status 200 in log access.

Example 2:

^{* in log.application | countif message contains error | group by event | order by countif desc}

Returns the number of each event containing error in the log application in a descending order.