Hi All,

i am trying to display the data in the region wise Map based on the stats count and saving as choropleth Map

but not working

index=index_name sourcetype=souretype_name
|lookup test .csv JOB_NAME OUTPUT KB REGION CUTOFF_CST
| eval Last_Job_start=strftime(strptime(LAST_START,"%Y/%m/%d %H:%M:%S"),"%H:%M:%S")
| eval Job_End_by=strftime(strptime(LAST_END,"%Y/%m/%d %H:%M:%S"),"%H:%M")
```| eval Scheduled_Start_Time=strftime(strptime(NEXT_START,"%Y/%m/%d %H:%M:%S"),"%H:%M:%S")```
``` Manual Fixes ```
| eval Scheduled_Start_Time=if(isNULL(NEXT_START),Scheduled_Start_TimeM,strftime(strptime(NEXT_START,"%Y/%m/%d %H:%M:%S"),"%H:%M:%S"))
| eval Scheduled_Start_Time_Epoch=strptime(Scheduled_Start_Time,"%H:%M:%S")
``` SLA 2 Min ```
| eval Scheduled_Start_Time_EpochSLA=Scheduled_Start_Time_Epoch+120
| eval Last_Job_start_ephoch=strptime(Last_Job_start,"%H:%M:%S")
``` Check if job is configured for starting at multiple times in an hour ```
| eval START_MINSisNull=if(isnull(START_MINS),"True","False")
``` SET START SLA ```
| eval START_SLA=if(isnull(Scheduled_Start_Time),"No Start Schedule",
IF(START_MINSisNull="False","No Start SLA", ```ignore START_MINS because too complex to deal with ```
IF(Last_Job_start_ephoch<Scheduled_Start_Time_Epoch,"Started Early",
IF(Last_Job_start_ephoch > Scheduled_Start_Time_EpochSLA,"Started Late", "Started On Time"))))
``` CONVERT RUN TIMES TO MINUTES ```
| eval RUNTIME_MIN=if(STATUS="ACTIVATED","",round(RUNTIME/60,2)) ``` ignore check if job in ACTIVATED status```
| eval AVG_RUN_TIME_MIN=round(AVG_RUN_TIME/60,2)
| eval diff_MIN=RUNTIME_MIN-AVG_RUN_TIME_MIN
``` SET END SLA ```
| eval Currenttime=strftime(now(),"%H:%M")
| eval Diff=RUNTIME-AVG_RUN_TIME ```Compare Run time to average```
| eval Over_Avg_runtime=if(STATUS="ACTIVATED","",if(RUNTIME>AVG_RUN_TIME,"Yes","No")) ``` ignore check if job in ACTIVATED status```
| eval Over_Job_Cutoff=if(STATUS="ACTIVATED","",if((RUNTIME/60)>Max_Total_Mins,"Yes","No"))
| eval Overrun=if(STATUS="ACTIVATED","",if(Diff>60 AND Diff<=300,"Overrun>1min",if(Diff>300,"Overrun>5mins",""))) ``` SLA2 - was run time longer than average + 5 min```
| eval Over_Job_Cutoff=if(STATUS="ACTIVATED","",if(Job_End_by>CUTOFF_CST,"Yes","No"))
| eval END_SLA=if(Over_Job_Cutoff="Yes","End SLA Breach","Within SLA")
``` SET TABLE/FIELDS ```
| fields JOID,JOB_NAME,JOB_GROUP,REGION,TIMEZONE,Scheduled_Start_Time,DAYS_OF_WEEK,,LAST_START,START_SLA,STATUS,LAST_END,AVG_RUN_TIME,RUNTIME,Diff,END_SLA,KB,NEXT_START,CHECK_NAME,STATUS_TIME,RUN_MACHINE,RUN_NUM,EXIT_CODE,STATUS_CODE,Over_Avg_runtime,RUNTIME_MIN,AVG_RUN_TIME_MIN,diff_MIN,MAX_RUN_ALARM,DESCRIPTION,START_TIMES,START_MINS,EXCLUDE_CALENDAR,ALARM_IF_FAIL,MAX_RUN_ALARM,N_RETRYS,CUTOFF_CST,Overrun,Over_Cutoff,Over_Job_Cutoff,Job_End_by
|dedup LAST_START RUNTIME
| rename AVG_RUN_TIME_MIN as RT_AVG
| rename RUNTIME_MIN as RT
| rename Over_Avg_runtime AS RT_OVER
| table KB,JOB_NAME,REGION,DAYS_OF_WEEK,LAST_START,START_SLA,STATUS,LAST_END,RT_AVG,RT,RT_OVER,Overrun,CUTOFF_CST,END_SLA,Over_Job_Cutoff,Job_End_by