This is probably quite simple and I am missing something..
i am using this search.
index=sxxx sourcetype=sxxx host=xyz source="C:\\mydata" |Dedup _time|table _time, host, username, SimulatorProcess, ProcessTime
I have the following search result
08/19/2019 16:44:34,136Z INFO user[XXXX] tid[ 1] [(null)]: ProcessSimulationResults took: 1.1204099 seconds
i did a field extraction to get the username, what the process is and the time. I would like to put these in a table and average them out. Search has 4 results but when i put into a table i get many null results.
what is the best way to display and average these out. Would also like to have a single display of the averages over day/week/month.
thanks!
... View more