Solved: timechart to display calculated values

kirrusk · ‎06-26-2020

Trying to display Percentages on Timechart , but it's not working.

Base search | fields APP Usage_kb | eval Usage_gb= round(Usage_kb/1024/1024, 5) | timechart count by APP.

it's not working.

I want to display timechart for Usage_gb per APP.

please help me.

kirrusk · ‎06-26-2020

i got it

basesearch | fields APP Usage_kb | eval Usage_gb = round(Usage_kb/1024/1024, 5) | timechart span = 1d max(Usage_gb) AS Usage_gb by APP.

it's working.

skoelpin · ‎06-26-2020

Pass the eval AFTER the timechart. The eval will do the math on a column by column basis

| fields APP Usage_kb

| timechart max(Usage_kb) AS Usage_kb by APP

| eval Usage_gb= round(Usage_kb/1024/1024, 5)

kirrusk · ‎06-26-2020

Thankyou, but it's not giving data in Usage_gb , displaying data in Usage_kb only

kirrusk · ‎06-26-2020

i got it

basesearch | fields APP Usage_kb | eval Usage_gb = round(Usage_kb/1024/1024, 5) | timechart span = 1d max(Usage_gb) AS Usage_gb by APP.

it's working.

timechart to display calculated values