...| fillnull | untable _time sasl_username "Dest in 5m"
| eval date_hour=strftime(_time,"%1H")
| chart avg("Dest in 5m") over date_hour by sasl_username
timechart lets me fill null v...
Hello,
I have a search returning some results that look like this:
sourcetype="somesourcetype" [ search sourcetype="somesourcetype" ... | top limit=100 email | fields + email ] | stats count b...
...olumn:
index=x|stats sum by Total, Model
I was trying to do the following:
Unpivot\Untable all values of columns into 1 column, keep Total as a second column.
The result should look like:
M...
Hi-hi!
Is it possible to preserve original table column order after untable and xyseries commands?
E.g.:
...
| table period orange lemon ananas apple cherry (and I need right this s...
Hello all, How to add another column from the same index with stats function? | makeresults count=1 | addinfo | eval days=mvrange(info_min_time, info_max_time, "1d") | mvexpand days | eval _t...
Hello, I have the following query that I am working with and it generates a table with multiple counts for various ports at 15 min intervals. index=abc source=xyz SMF119HDSubType=2 | timecha...
Hi, I need to find all time_interval for each machine where there is no data (no row for Name). (The goal is to create an alert if there was no data in a time interval for a machine) for ex...