Query: index=xxx source=Perfmon:LogicalDisk host=$h$ ( counter="Disk Reads/sec" OR counter="Disk Writes/sec" ) | eval read_ops=IF(counter="Disk Reads/sec",Value,0) | eval write_ops=IF(counter="Disk Writes/sec",Value,0) | eval tot_ops=write_ops+read_ops | fields read_ops write_ops tot_ops | timechart max(read_ops) max(write_ops) max(tot_ops) Need to sum the read_ops and write_ops into field total ops for each time interval (1 min) for a timechart. Because the writes ops and read ops values are in separate rows per time interval. example below: 2/16/22 5:29:59.000 PM   02/16/2022 17:29:59.224 -0500 collection=LogicalDisk object=LogicalDisk counter="Disk Writes/sec" instance=_Total Value=27.222955244825506 Collapse     2/16/22 5:29:59.000 PM   02/16/2022 17:29:59.224 -0500 collection=LogicalDisk object=LogicalDisk counter="Disk Reads/sec" instance=_Total Value=5.316598854323969 Collapse   ... View more