I tried the following recommended search option:
index =os host = myaccount ("COMPLETED Login" OR "Password not matched")|eval failTime=if(result="Failure",strftime(_time,"%Y-%m-%d %H:%M:%S"),null()) | eval failCount=if(result="Failure",1,0) | eval succTime=if(result="Success",strftime(_time,"%Y-%m-%d %H:%M:%S"),null()) | eval succCount=if(result="Success",1,0) | bin _time span=1d | stats sum(failCount) as FailureCount, values(failTime) as FailureTimes, sum(succCount) as SuccessCount, values(succTime) as SuccessTimes by EmailAdd _time
For some reason the output for count columns (FailureCount, FailureTimes,SuccessCount & SuccessTimes are all zero except the initial first few columns i.e. EmailAdd and _time. It worked once but now its not.
Also how can I create a BAR chart graph from this result.
Please advise
... View more