I am trying to get each value to be divided by certain number (x). So if x=7, the first value would be 138.
index=net_auth_long| eval time_hour=strftime(_time,"%H")| chart count over channel by time_hour limit=30
Hi
could you try this
.... | chart eval(count(<your field name>)/7) AS field_div_by_7 by channel time_hour
r. Ismo
View solution in original post
How would I round the results?
Time by time you must add ’ to surround <<FIELD>> to get SPL to known that it’s a field like
| foreach * [ eval <<FIELD>> = round(‘<<FIELD>>’,2)]
