Sample query:
index=* app_name="batch" OR app_name=sbond* ("All feed is completed" OR "Test Success: Test" OR "Test1 Success: Test1" OR "Finished handshake success" )|bucket span=1d _time|eval dayweek=strftime(_time,"%A")|convert timeformat="%m-%d-%y" ctime(_time) as c_time
| eval Job = case(like(_raw, "%All feed is completed%"), "first Job", like(_raw, "%Test Success: Test%"), "second Job", like(_raw, "%Test1 Success: Test1%"), "third job",like(_raw, "%Finished handshake success%"), "Genius job", 1==1, "Incorrect searchString match, please refactor")| stats count by Job c_time dayweek|eval status=case((Job="Genius job") AND (dayweek="Saturday" OR dayweek="Sunday"),"NA",count>0,"Success",count<0,"Failure")| xyseries Job c_time status
Actual result:for 30 days it shows sideways .
| jobname |
date1 |
date2 |
date3 |
date4 |
date5 |
date6 |
date7 |
date8 |
date9 |
| xxx |
|
|
|
|
|
|
|
|
|
|
|
Expected result: split the result to 7 days
| jobname |
date1 |
date2 |
date3 |
date4 |
date5 |
date6 |
date7 |
| xxx |
|
|
|
|
|
|
|
| jobname |
date8 |
date9 |
date10 |
date11 |
date12 |
date13 |
date14 |
| xxx |
|
|
|
|
|
|
|
Thanks in Advance
