Hi @Anud, We can optimize your search if you provide mock samples of your data, but here's an example using makeresults and your current search structure to simulate the fields required by the visua...
See more...
Hi @Anud, We can optimize your search if you provide mock samples of your data, but here's an example using makeresults and your current search structure to simulate the fields required by the visualization: | makeresults format=csv data="QUE_NAM,FINAL,QUE_DEP
S_FOO,MQ SUCCESS,
S_FOO,CONN FAILED,
S_FOO,MEND FAIL,
S_FOO,,3"
| stats sum(eval(if(FINAL=="MQ SUCCESS", 1, 0))) as good sum(eval(if(FINAL=="CONN FAILED", 1, 0))) as error sum(eval(if(FINAL=="MEND FAIL", 1, 0))) as warn avg(QUE_DEP) as label by QUE_NAM
| rename QUE_NAM as to
| eval from="internal", label="Avg: ".label." Good: ".good." Warn: ".warn." Error: ".error
| append
[| makeresults format=csv data="queue_name,current_depth
BAR_Q,1
BAZ_R,2"
| bin _time span=10m
| stats avg(current_depth) as label by queue_name
| rename queue_name as to
| eval from="external", label="Avg: ".label
| appendpipe
[ stats values(to) as from
| mvexpand from
| eval to="internal" ]] good, error, and warn are special fields supported by the visualization. Add the label field to provide a custom link label, and leave the special fields intact to produce the flowing dot animation.