Sumologic: calculate a value from two log queries


I have two log queries from the same stream that both return the number of log messages that match the search criteria.

First I want to get the number of incoming blobs as follows:

namespace=ns cluster=we container=project1
| where %"log.@m" matches "*About to handle incoming blob*"
| count as Incoming

Then I have another log query to get the number of successfully handled blobs from the same stream. The only difference is in the "matches" clause:

namespace=ns cluster=we container=project1
| where %"log.@m" matches "*successfully handled blob*"
| count as Success

I'd like to calculate the ratio, i.e. Success / Incoming, but I can't find the right way to achieve that. I've tested subqueries, the metrics explorer and some other ideas that Google provided but with no success. Any pointers are welcome.


There are 2 best solutions below

0
Best answer

You can combine these two queries into one. You could do that by calculating whether the line matches your pattern and storing that information as a new field. Something like this (I haven't tested):

namespace=ns cluster=we container=project1
| %"log.@m" matches "*successfully handled blob*" as success

Or actually you would rather convert that to a numeric value (so it's easier to aggregate on):

namespace=ns cluster=we container=project1
| if (%"log.@m" matches "*successfully handled blob*", 1, 0) as success

and then with that you can aggregate:

...
| sum(success) as successCount, count as totalCount
| successCount / totalCount as successRatio

Disclaimer: I am currently employed by Sumo Logic

0

Thanks Gregorz for your hint, it helped me find the correct response. In my case there are many different messages so I had to add an extra filter. Here's the final query I've come up with:

namespace=ns cluster=we container=project1
| where (%"log.@m" matches "*successfully handled blob*" or %"log.@m" matches "*About to handle incoming blob*")
| if (%"log.@m" matches "*successfully handled blob*", 1, 0) as success
| sum(success) as successCount, count as totalCount
| (successCount / (totalCount - successCount)) * 100 as ratio
| format("%.0f",ratio) as successRatio
| fields successRatio
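
The single-pass flag-and-sum approach from the answers above, modelled in Python as an added example (not code from either answer or from Sumo Logic) to show what each ratio measures and what happens when no incoming line is present. The sample messages are constructed, the function names are hypothetical, and `fnmatchcase` is an assumed stand-in for the `matches` wildcard, including its case sensitivity.

```python
from fnmatch import fnmatchcase

INCOMING = "*About to handle incoming blob*"
SUCCESS = "*successfully handled blob*"

# Constructed sample messages, not real log data.
SAMPLE = [
    "About to handle incoming blob a1",
    "successfully handled blob a1",
    "About to handle incoming blob a2",
    "Retrying download for blob a2",
    "About to handle incoming blob a3",
    "successfully handled blob a3",
    "About to handle incoming blob a4",
    "successfully handled blob a4",
    "Heartbeat ok",
]


def single_pass_counts(messages):
    """One pass over the stream: a 0/1 flag per pattern, then sums."""
    success = incoming = either = total = 0
    for msg in messages:
        is_success = fnmatchcase(msg, SUCCESS)
        is_incoming = fnmatchcase(msg, INCOMING)
        total += 1                          # count over the unfiltered stream
        success += int(is_success)          # sum(success)
        incoming += int(is_incoming)
        either += int(is_success or is_incoming)  # count after the `where ... or ...` filter
    return success, incoming, either, total


def ratios(messages):
    success, incoming, either, total = single_pass_counts(messages)
    # Without the filter, the denominator is every line in the stream.
    over_all = success / total if total else None
    # With the filter, (filtered count - successCount) is the incoming count,
    # so this is Success / Incoming as a rounded percentage.
    denominator = either - success
    pct = round(success / denominator * 100) if denominator else None
    return {"success_over_all_lines": over_all, "success_over_incoming_pct": pct}


if __name__ == "__main__":
    print(single_pass_counts(SAMPLE))
    print(ratios(SAMPLE))
```

A time window with successes but no incoming lines makes the denominator zero, so the sketch returns `None` there instead of dividing.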