I have a search where I want to calculate total transaction volumes over time by transaction type. I'm populating results, but I notice there are some days missing. Here is a screenshot:
http://screencast.com/t/zNVURLk8Je
Here is the search I am using:
index=foo sourcetype=bar
| bucket span=1d _time
| dedup id
| stats count as volume, latest(transaction_type) as transaction_type by djarfrrw, _time
| eval _time=strftime(_time, "%m/%d/%Y")
| chart max(volume) over transaction_type by _time usenull=f useother=f
Is there anything in the search that might be causing the missing days?
Thanks in advance!