Hi I have this SPL query but getting this error?
Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+.
Any ideas why or how to resolve this please?
| tstats count where index=os earliest=-7d latest=-3h by host, _time span=3h
| stats median(count) as median by host
| join host [| tstats count where index=os earliest=-3h by host]
| eval percentage_diff=((count/median)*100)-100
| where percentage_diff<-5 OR percentage_diff>5
| sort percentage_diff
| rename median as “Median Event Count Past Week”, count as “Event Count of Events Past 3 Hours”, percentage_diff as “Percentage Difference”
