I am creating a chart based on a log message value which can have say around 4 value. below is a sample search query
"INFO Metrics - group=search_health_metrics"
| rex field=_raw "name=(?<metric_name>(\S+)),"
| where isnotnull(metric_name)
| eval token_type=case(metric_name="compute_search_quota", "value1", metric_name="bundle_directory_reaper", "value2", metric_name="dispatch_directory_reaper", "value3", metric_name="distributed_peer_heartbeat", "value4")
| eval _stat1=if(token_type="value1", 1, 0)
| eval _stat2=if(token_type="value2", 1, 0)
| eval _stat3=if(token_type="value3", 1, 0)
| eval _stat4=if(token_type="value4", 1, 0)
| stats sum(_stat1) as Stat1, sum(_stat2) as Stat2, sum(_stat3) as Stat3, sum(_stat4) as Stat4
The charts are showing up overlapped for ex, stat1 is getting displayed on top of stat2. but if I show as table the stats shows correctly.
... View more