Hello,
In my data, there could be multiple values(duration) for Scriptname. I am using Time Chart to display data and it should include all values including duplicates.
All Data
Time Chart
My Query:
eventtype=mlc_live host=TALANX_PostGoLive sourcetype=tool_lifecycle | rex field="ScriptName" "^\S+_(?<ScriptName>[^\.]+)\.\S+" | table _time Duration GROUPBY ScriptName UniqueIdentifier | dedup UniqueIdentifier | timechart max(Duration) BY ScriptName
Currently, I am using max function which include only one value. How can I display all events (including duplicates) in time chart graph.
