Hi everyone,
My data is as follows.
The cnt is the event count of scanner_type by day.
I want to show each day's event count for the different scanner_type values with a line chart.
_time scanner_type cnt
2019-02-23T00:00:00.000 mykings_ip 113
2019-02-23T00:00:00.000 sql_union1 2915
2019-02-22T00:00:00.000 mykings_ip 174
2019-02-22T00:00:00.000 sqlmap_stacked 39
2019-02-22T00:00:00.000 backup-file 483300
2019-02-22T00:00:00.000 sqlmap_union1 6
I want to convert it to this format:
time sqlmap_union1 backup-file sqlmap_stacked mykings_ip
2019-02-22T00:00:00.000 6 483300 39 174
2019-02-23T00:00:00.000 2915 null null 113
Thanks so much.
Just add the following to the search you have so far:
| timechart sum(cnt) by scanner_type
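
A self-contained way to try the suggested pivot on the rows from the question (an added example, not part of the original answer). The inline rows, the `raw` and `ts` field names, and the `span=1d` and `limit=0` options are assumptions added here; in a real search only the last line is appended to the existing query.

```spl
| makeresults
| eval raw=split("2019-02-23T00:00:00.000 mykings_ip 113;2019-02-23T00:00:00.000 sql_union1 2915;2019-02-22T00:00:00.000 mykings_ip 174;2019-02-22T00:00:00.000 sqlmap_stacked 39;2019-02-22T00:00:00.000 backup-file 483300;2019-02-22T00:00:00.000 sqlmap_union1 6", ";")
| mvexpand raw
| rex field=raw "^(?<ts>\S+)\s+(?<scanner_type>\S+)\s+(?<cnt>\d+)$"
| eval _time=strptime(ts, "%Y-%m-%dT%H:%M:%S.%3N")
| fields _time scanner_type cnt
| timechart span=1d limit=0 sum(cnt) by scanner_type
```

`limit=0` keeps every scanner_type as its own column instead of folding everything beyond the default top 10 series into OTHER. A scanner_type with no events on a given day is left empty in that row; append `| fillnull value=0` if the chart should plot zero instead of a gap.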