Hello,

Need help with this search.
I would like to use timechart to aggregate the results hourly. My search is:

sourcetype="prod-analytics"
| search _application_id="player", _application_name!="", _guid!=""
| stats timespan=1h count(eval(application_event="ClientStarted")) AS total_cnt_startup, count(eval(application_event="LoginFailed")) AS total_cnt_login_failed, count(eval(application_event="PortForSpeedTestingBlocked")) AS total_cnt_port_for_speed_testing_blocked, by _application_name
| eval total_cnt_failure=(total_cnt_login_failed)+(total_cnt_port_for_speed_testing_blocked)
| eval percent_failure=sigfig((1.0*(total_cnt_failure/total_cnt_startup))*100)."%"
| eval total_login_success = total_cnt_startup - total_cnt_failure

| fields _time, _application_name,total_cnt_startup,total_cnt_failure,total_login_success,percent_failure
| rename _application_name as "Application Name", total_cnt_startup as "Total Start Up Count", total_cnt_failure as "Total Failure Count", total_login_success as "Login Success", percent_failure as "Failure Rate",

Explanation --> In this search, I specify the events from which my fields are computed and then I compute 2 fields to get the total failure count with:
eval total_cnt_failure=(total_cnt_login_failed)+(total_cnt_port_for_speed_testing_blocked)
I also calculate the percentage of failure with:
eval percent_failure=sigfig((1.0*(total_cnt_failure/total_cnt_startup))*100)."%"
I also evaluate the login success with:
eval total_login_success = total_cnt_startup - total_cnt_failure

The first part works fine and the results are displayed. However, I want only some fields to display in my output. So I specified the fields option ( highlighted in bold ), but with this, the fields are displayed, but it does not have any value associated.

In my search results, I want to display:
_time, _application_name, total_cnt_startup, total_cnt_failure, total_login_success, percent_failure
Can you please provide inputs?

Thank you.