解决了这个问题:

|结果 | eval _raw ="2017-06-21 12:53:48,426 INFO transaction.TransactionManager.Info:181-{\" message \:{\" TransactionStatus \:true，\" TransactioName \:\" removeLockedUser-1498029828160 \}}" |重命名为COMMENT AS上面的所有内容都会生成示例事件数据；下面的所有内容都是您的解决方案" | rex"{\" TransactionStatus \:(?[^，] )，\" TransactioName \:\"(?[^ \] )\" |图表计数超过TransactioName按TransactionStatus

| makeresults | eval _raw="2017-06-21 12:53:48,426 INFO transaction.TransactionManager.Info:181 -{\"message\":{\"TransactionStatus\":true,\"TransactioName\":\"removeLockedUser-1498029828160\"}}" | rename COMMENT AS "Everything above generates sample event data; everything below is your solution" | rex "{\"TransactionStatus\":(?[^,]),\"TransactioName\":\"(?[^\"])\"" | chart count OVER TransactioName BY TransactionStatus