Seeing different results when performing similar searches and not sure of the reason.
The base search is the same for both. First search is:
|timechart span=5m count(eval(if(event=="Started",total,0))) as "started", count(eval(if(event=="Completed",total,0))) as "completed"
|eval divergence = completed-started
Second search is:
|timechart span=5m count(eval(event=="Started")) as "started", count(eval(event=="Completed")) as "completed"
|eval divergence = completed-started
They both produce the same results but reversed:
first query
time    started  completed  divergence
time    18499    18517      18
time    18426    18422      -4
second query
time    started  completed  divergence
time    18517    18499      -18
time    18422    18426      4
Any help will be appreciated.