Sorry i am unbale to post screenshot but here is the search :
index=iam_myid_transac_idx sourcetype="myid_identity" employeeno=* ((employeesource=* employeesubgrp="Contractor") OR (employeesource=* employeesubgrp="Vendors") OR (employeesource=* employeesubgrp="Consultant") OR (employeesource=* employeesubgrp="Agency Temp") OR (employeesource="Temporary Identity" employeesubgrp!="Consultant")) status="Active" earliest=@d latest=now()
|fields employeeno,employeesource,employeesubgrp,employmentenddate
|dedup employeeno
|fillnull value=NULL employmentenddate
|stats count(eval(in(employmentenddate,"31/12/9999","NULL"))) as Contractors_with_no_enddate count(employeeno) as Total_Contractors
|eval Metric9=floor((Contractors_with_no_enddate/Total_Contractors)*100*100)/100
|eval _time=now()
|collect index="iam_reporting_summary_idx" source="myid" marker="Control=\"User De-provisioning\""
Below are the results if i remove the collect and runa manually :
Contractors_with_no_enddate Total_Contractors Metric9 _time
| 8353 | 8535 | 97.86 | 2022-11-19 23:56:1 |
Below are results coming when i view the results in job inspector and check in index.
Contractors_with_no_enddate Total_Contractors _time
