source="c:\logs\abc.log"
| rex field=url "(?<=\/)(?<ApiId>\w+?)(?=$|\?)"
| search url != "*/swagger/"
| spath output=timeSpent path=durationInMs
| spath output=status path=data.statusCode
| evel error = if(status != 200, 1, 0)
| stats count as total, avg(timeSpent) as avgTimeSpent, sum(error) as errCount by ApiId
| eval errorRate = round(100 * errCount / total, 2), avgTimeSpent= round(avgSpentTime, 2)
| sort total desc原文:https://www.cnblogs.com/swlin/p/10748769.html