The main point is in next: For example, we have an index where are the next sample of the data: time number 18:01 0 18:02 1 18:03 1 18:04 0 18:05 1 And I want to create a search that will do the next steps: 1. If 'number' is '1' then to new field add +1 | eval count = 0
| streamstats current=f last(count) as lastCount by _time
| eval count = if(isnull(lastCount), 0, lastCount+1)
| table time, number, count
// but this search doesnt work And the result in the table should be time number count 18:01 0 0 18:02 1 1 18:03 1 2 18:04 0 2 18:05 1 3
... View more