Count Events per Repository

Count of the events received by repository

Query

logscale
bucket(span=1d,field=#repo,function=count())
| @timestamp:=_bucket
| drop(_bucket)

Introduction

Count of the events received by each repository, bucketed per day. On LogScale Cloud the #repo tag identifies the repository an event was ingested into, so grouping on that field gives one count per repository.

Step-by-Step

  1. Starting with the source repository events.

  2. logscale
     bucket(span=1d,field=#repo,function=count())

     Buckets the events into one-day spans per value of #repo and applies count() to each bucket. Each result row carries the bucket start time in _bucket, the repository in #repo, and the event count in _count.

  3. logscale
     | @timestamp:=_bucket

     Assigns the bucket start time generated by bucket() to @timestamp, so each row is stamped with the day it summarizes rather than with the time the search ran.

  4. logscale
     | drop(_bucket)

     Discards the now-redundant _bucket field from the results, leaving #repo, _count and @timestamp.

  5. Event Result set.
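
To make the shape of the result set concrete, the following is an added example (not LogScale code and not part of the original page) that reproduces the three steps above in Python over a handful of constructed events. It assumes @timestamp is epoch milliseconds in UTC and that one-day buckets are aligned to UTC midnight; field names (#repo, _bucket, _count) follow the query above.

```python
from collections import Counter
from datetime import datetime, timezone

DAY_MS = 24 * 60 * 60 * 1000  # span=1d expressed in epoch milliseconds


def ts(iso: str) -> int:
    """Epoch milliseconds for an ISO-8601 UTC timestamp (helper for the sample data)."""
    return int(datetime.fromisoformat(iso).replace(tzinfo=timezone.utc).timestamp() * 1000)


# Constructed sample events: only the fields the query touches are populated.
EVENTS = [
    {"@timestamp": ts("2023-11-14T08:00:00"), "#repo": "web-logs", "message": "GET /"},
    {"@timestamp": ts("2023-11-14T09:30:00"), "#repo": "web-logs", "message": "GET /login"},
    {"@timestamp": ts("2023-11-14T23:59:59"), "#repo": "auth-logs", "message": "login ok"},
    {"@timestamp": ts("2023-11-15T00:00:01"), "#repo": "auth-logs", "message": "login failed"},
    {"@timestamp": ts("2023-11-15T12:00:00"), "#repo": "web-logs", "message": "GET /admin"},
]


def bucket_count_by_repo(events, span_ms=DAY_MS):
    """Step 2: bucket(span=1d, field=#repo, function=count()).

    Floors each @timestamp to the start of its span (assumed epoch-aligned, so 1d
    buckets start at UTC midnight) and counts events per (bucket, #repo).
    """
    counts = Counter()
    for event in events:
        bucket_start = (event["@timestamp"] // span_ms) * span_ms
        counts[(bucket_start, event["#repo"])] += 1
    # Rows are sorted by bucket start, then repository name, for a stable result.
    return [
        {"_bucket": start, "#repo": repo, "_count": count}
        for (start, repo), count in sorted(counts.items())
    ]


def set_timestamp_from_bucket(rows):
    """Step 3: @timestamp := _bucket, so each row is stamped with the day it summarizes."""
    return [{**row, "@timestamp": row["_bucket"]} for row in rows]


def drop_field(rows, name):
    """Step 4: drop(<field>), removing the field from every row."""
    return [{k: v for k, v in row.items() if k != name} for row in rows]


def run_query(events):
    """Runs the full pipeline from the page: bucket -> @timestamp:=_bucket -> drop(_bucket)."""
    rows = bucket_count_by_repo(events)
    rows = set_timestamp_from_bucket(rows)
    return drop_field(rows, "_bucket")


if __name__ == "__main__":
    for row in run_query(EVENTS):
        day = datetime.fromtimestamp(row["@timestamp"] / 1000, tz=timezone.utc).date()
        print(f"{day}  {row['#repo']:<10} {row['_count']}")
```

Running it prints one line per (day, repository) pair: two web-logs and one auth-logs event on 2023-11-14, then one of each on 2023-11-15, with the event at 23:59:59 and the one at 00:00:01 landing in different buckets. The two events at 08:00 and 09:30 in the same repository collapse into a single row, which is the behaviour the real query shows when it is run against a view spanning several repositories.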

Summary and Results

The query can be run in each repository individually. Alternatively, create a view that spans the repositories of interest and run the query from that view: because the aggregation groups on #repo, a single search then returns the daily counts for every repository in the view.