Hi,

I have the bellow search:

I am trying to use acceleration reporting however because the eventstats I can't, I have tried to rewrite the search however it does not work, could someone please help me?

index=test sourcetype=test
| eval ResponseTime=round(response_time/1000,2)
| eventstats perc99(ResponseTime) as p99Resp
| eventstats perc90(ResponseTime) as p90Resp
|eventstats perc75(ResponseTime) as p75Resp
| eval p99Unit=if(ResponseTime<=p99Resp,0,1)
| eval p00Response=ResponseTime
| eval p98Response=if(ResponseTime<=p99Resp,ResponseTime,null())
| eval p99Response=if(ResponseTime<=p99Resp,null(),ResponseTime)
| eval p90Unit=if(ResponseTime<=p90Resp,0,1)
| eval p90Response=if(ResponseTime<=p90Resp,ResponseTime,null())
| eval p90Response=if(ResponseTime<=p90Resp,null(),ResponseTime)
| eval p75Unit=if(ResponseTime<=p75Resp,0,1)
| eval p75Response=if(ResponseTime<=p75Resp,ResponseTime,null())
| eval p75Response=if(ResponseTime<=p75Resp,null(),ResponseTime)
| stats sum(p99Unit) as P99Count, avg(p99Response) as p99ResponseAvg, min(p99Response) as p99ResponseMin, max(p99Response) as p99ResponseMax sum(p90Unit) as P90Count, avg(p90Response) as p90ResponseAvg, min(p90Response) as p90ResponseMin, max(p90Response) as p90ResponseMax sum(p75Unit) as P75Count, avg(p75Response) as p75ResponseAvg, min(p75Response) as p75ResponseMin, max(p75Response) as p75ResponseMax
| rename P99Count as "99% Total Count"
| rename p99ResponseAvg as "99% AVG"
| rename p99ResponseMin as "99% Min Response Time"
| rename p99ResponseMax as "99% Max Response Time"
| rename P90Count as "90% Total Count"
| rename p90ResponseAvg as "90% AVG"
| rename p90ResponseMin as "90% Min Response Time"
| rename p90ResponseMax as "90% Max Response Time"
| rename P75Count as "75% Total Count"
| rename p75ResponseAvg as "75% AVG"
| rename p75ResponseMin as "75% Min Response Time"
| rename p75ResponseMax as "75% Max Response Time"

Thanks

Joe