22

我有一个非常简单的查询:

fields @timestamp, req.url, msg
| sort @timestamp desc
| filter msg = "request completed"
| stats count() by req.url

它显示了我的应用程序提供的所有请求,按 url 聚合。但是,我还想按聚合的值对结果进行排序count()- 但两者都| sort count desc不起作用| sort "count()" desc。我怎样才能做到这一点?

4

1 回答 1

34

事实证明,我所要做的就是使用别名,然后按它排序:

fields @timestamp, msg, req.url
| filter msg="request completed"
| stats count() as count by req.url
| sort count desc
于 2020-03-03T10:10:48.153 回答