- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, I have a chart I am trying to create that splits data based on another field. IE:
.... | stats count by Airport status | chart sum(count) over Airport by status
Which gives the chart:
| Airport | Started | Error | Complete |
----------------------------------
| LAX | 43 | 13 | 15 |
| JFK | 31 | 22 | 9 |
| ORD | 43 | 19 | 17 |
| AUS | 54 | 15 | 18 |
| CDG | 325 | 13 | 90 |
| SFO | 248 | 3 | 133 |
----------------------------------
What I would like to do is create a new column with the value consisting of one column value minus another column value. So taking the example above, I want to create a new column called "Dropped" and do the following math:
Dropped = started - (error+complete)
Essentially creating:
| Airport | Started | Error | Complete | Dropped
----------------------------------
| LAX | 43 | 13 | 15 | 5 |
| JFK | 31 | 22 | 9 |0 |
| ORD | 43 | 19 | 17 | 7 |
| AUS | 54 | 15 | 18 | 21 |
| CDG | 325 | 13 | 90 | 222 |
| SFO | 137 | 3 | 133 | 1 |
----------------------------------
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nevermind I figured this out. It's pretty simple via the | eval Dropped=(started - (Error+Complete))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nevermind I figured this out. It's pretty simple via the | eval Dropped=(started - (Error+Complete))
