earliest=-24h@h latest=@h index=nameoftheindex
| eval GT2=if(_indextime-_time>=120,1,0)
| bin _time span=1h
| stats avg(GT2) as PctGT2 by _time sourcetype
| eval PctGT2=round(100*PctGT2,2)
| timechart avg(PctGT2) as pctGT2 by sourcetype
Technically, if you are going to use timechart, you wouldn't have to bin the _time and stats for the avg, since timechart will handle that in a single step.
earliest=-24h@h latest=@h index=nameoftheindex
| eval GT2=if(_indextime-_time>=120,100,0)
| timechart span=1h avg(GT2) as pctGT2 by sourcetype