I am trying to calculate hourly decline percentage rates for several different payment gateways. The percentage is based on hourly decline count / total transaction count for that gateway * 100. My current query is only able to pull the data for 1 gateway and looks like this: gateway=firstdata errorType!=null event=transactionCompleted |bucket _time span=1h | eval hour=strftime(_time,"%H") | stats count(eval(success="false")) as declined, count as total by month | eval percent_declined=(declined / total * 100) Hour |percent_declined 00 19.62 01 18.54 02 18.75 Ideally, I would want the report to look like: Hour |PayPal| FirstData | Stripe | etc....... 00 20.02 18.94 15.214 01 19.45 17.12 15.84 02 19.62 18.54 15.44 I was thinking that this might have to use timechart but hitting a wall. The only thing that I know which the query has to include is gateway!=test which will pull up the data for all the gateways instead of one in particular. Any guidance would would be deeply appreciated! ... View more

I'm trying to add a column to the right of OTHER, which sums up the entire row counts of each errorType per day. So for example, the first value in a column farthest to the right would be the total count for api_error + approved + declined + expired_Card etc. for each day. My current search is gateway=firstdata errorType!=null event=transactionCompleted | timechart count by errorType span="1m" ... View more