Hi,

I currently have a search which counts each unhealthy system for a set number of days. The idea is to get an idea if the numbers are increasing or decreasing. Currently I have a Column chart visualization, but I rather have a Line chart which give more of a visual perspective of the situation. This is the search:

index=linux  earliest=-1d@d latest=@d "healthcheck: System not healthy" | dedup host | stats count by host
| stats count as TotalA
| appendcols 
[search index=linux earliest=@d latest=now "healthcheck: System not healthy" | dedup host | stats count by host 
| stats count as TotalB]
| appendcols 
[search index=linux earliest=-2d@d latest=-1d@d "healthcheck: System not healthy" | dedup host | stats count by host 
| stats count as TotalC]
| appendcols 
[search index=linux earliest=-3d@d latest=-2d@d "healthcheck: System not healthy" | dedup host | stats count by host
| stats count as TotalD]
| appendcols 
[search index=linux earliest=-4d@d latest=-3d@d "healthcheck: System not healthy" | dedup host | stats count by host 
| stats count as TotalE]       
| eval Yesterday=TotalA 
| eval Today=TotalB
| eval Daybeforeyesterday=TotalC
| eval Daybeforethat=TotalD
| eval Daybeforethat1=TotalE
| fields HealthchecksError, Daybeforethat1, Daybeforethat, Daybeforeyesterday, Yesterday, Today

That's an example of the current visualization. Any idea which one I should choose or what I should change in the search? I can't get one to work..

Thanks a lot!