Many thanks ITWhisperer, it works fine!

but I have a field time....

And like I said it works normaly after a little time so it's very strange...

Please post an image of the search results before the transpose

https://www.cjoint.com/c/LDzpRnxcFYj

That was the search, not the results.

What do your results look like if you run the search but without the transpose command?

So, there is no time field, but there is a _time field. 

If that is the data right before the transpose then that is why you get 'row X...'

To diagnose this, you will need to run that mammoth search and gradually remove the subsearches from the bottom to find out why of the appendcols is causing the problem.

Your transpose will ONLY work if the table you are converting has the correct structure.

The fact that you have extra rows is an indication that there is some search problem ABOVE the transpose

Ok I am going to do this but i dont understand why most of the time it works well with the same search....

When you work backwards, you will understand why ...

I think your problem is that all your timechart statements are expected to return a table like this

_time	24. Portail SIBP / Espace CO - Utilisateurs ayant au moins 2 erreurs
2022-04-28 07:00	4
2022-04-28 08:00	4
2022-04-28 09:00	4
2022-04-28 10:00	4
2022-04-28 11:00	5
2022-04-28 12:00	5
2022-04-28 13:00	4
2022-04-28 14:00	4
2022-04-28 15:00	4
2022-04-28 16:00	4
2022-04-28 17:00	4
2022-04-28 18:00	0

 However, as soon as any one of those searches gets 0 events, then the appendcols is doing this

_time	24. Portail SIBP / Espace CO - Utilisateurs ayant au moins 2 erreurs
 	0

so in that case, _time is null and you only have a single row, not 12 as you would get from the timechart.

For things to work properly, all of those searches must generate the same number of rows with _time values being the correlating row identifier.

In the above scenario, if your FIRST search returns 0 results then the _time column will always be null.

See this example search modelled on yours that exhibits the possible problem

You should be able to run this

index=_audit earliest=@d+7h latest=@d+19h user=xXXX
    | eval web_url=mvindex(split("/VP_/,/VPI/,/VPC/", ","), random() % 3)
    | fields web_url user _time
    | rename user as sam
    | eval sam=lower(sam) 
    | bin _time span=1h 
    | eval url =upper(web_url) 
    | eval SIBP=case(
        match(url,"/VP_/"),"Portail SIBP historique", match(url,"/VPI/"),"IHM porail Espace CO", match(url,"/VPC/"),"Portail Guichet Espace Co"
        ) 
    | search SIBP=* 
    | stats count as PbPerf by sam _time 
    | search PbPerf > 1 
    | timechart span=1h count as "NO USERS" 
    | appendpipe 
        [ stats count as _events 
        | where _events = 0 
        | eval "NO USERS" = 0 ]
| appendcols [ search index=_audit earliest=@d+7h latest=@d+19h user=*
    | eval web_url=mvindex(split("/VP_/,/VPI/,/VPC/", ","), random() % 3)
    | fields web_url user _time
    | rename user as sam
    | eval sam=lower(sam) 
    | bin _time span=1h 
    | eval url =upper(web_url) 
    | eval SIBP=case(
        match(url,"/VP_/"),"Portail SIBP historique", match(url,"/VPI/"),"IHM porail Espace CO", match(url,"/VPC/"),"Portail Guichet Espace Co"
        ) 
    | search SIBP=* 
    | stats count as PbPerf by sam _time 
    | search PbPerf > 1 
    | timechart span=1h count as "ALL USERS" 
    | appendpipe 
        [ stats count as _events 
        | where _events = 0 
        | eval "ALL USERS" = 0 ]
        ]

Sorry but its not clearing for me

Do i have to double all my searches with 2 différents conditions?

    | timechart span=1h count as "NO USERS" 

    | timechart span=1h count as "ALL USERS" 

Could you please give me an example from my original search?