1
Try something like this
|eval duration_range=mvrange(0, duration + duration%3600, 3600) | eval duration = 1 |mvexpand duration_range |eval _time=_time-duration_range |timechart span=1h max(duration) by dvc
Assuming dvc is the ip address you mentioned and duration is reset to 1 after determining a range, how can the max be anything other than 1?
Please share the search you are using and the results and explain why this is not what you are expecting
You asked a question, I gave you a suggestion, you have completely ignored my suggestion. Please try what I suggested and share your results.
