Hi, I have a group field "bin" and a query that takes index=myindex response_code!=00. I'm not sure how to create an alert to warn when there is an x percentage increase from day to day on any of the bins. I tried something along these lines, but could not get the prev_error_count to populate:

index=myindex sourcetype=trans response_code!=00
| bin _time span=1d as day
| stats count as error_count by day, bin
| streamstats current=f window=2 last(error_count) as prev_error_count by bin
| eval perc_increase = round((error_count / prev_error_count)*100, 2)
| table perc_increase
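One way to carry each bin's previous-day count forward and alert on the increase, as an added example that is not part of the original post: `streamstats` defaults to `global=true`, which shares one window across all bins, so `global=f` with `window=1` is used here to keep a separate window per bin. The 25 percent threshold and the two-day `earliest`/`latest` range are assumed values.

```spl
index=myindex sourcetype=trans response_code!=00 earliest=-2d@d latest=@d
| bin _time span=1d
| stats count as error_count by _time, bin
| sort 0 bin, _time
| streamstats current=f window=1 global=f last(error_count) as prev_error_count by bin
| where isnotnull(prev_error_count) AND prev_error_count > 0
| eval perc_increase = round(((error_count - prev_error_count) / prev_error_count) * 100, 2)
| where perc_increase > 25
| table _time, bin, prev_error_count, error_count, perc_increase
```

Saved as a scheduled alert that triggers when the number of results is greater than zero, this returns one row per bin that crossed the threshold. A bin with no errors on the earlier day produces no row from `stats`, so it has no previous count and is not reported.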