I am trying to query and not able to get the output , only i am getting host names, Avg response , count , but need Span of 1 month also in the output .
below is the search queary where i expecting month on month column output also ...
sourcetype="ats_request" host!=dc* | stats avg(duration) as "Average App Response Time" count(sourcetype) as "Total Count" by host
Try this
sourcetype="ats_request" host!=dc*
| bucket _time span=1mon
| stats avg(duration) as "Average App Response Time" count(sourcetype) as "Total Count" by host _time
Thanks a lot, it works for me @kmaron
Since it worked for you please accept my answer so others know your question was answered.