I am trying to pass time from a bar graph. For example, a user can click any bar on the graph, and the earliest and latest time for that bar should be passed to another panel.
I tried setting up the tokens, but it takes the entire time instead of the particular instance.
Please find my search below. I think it is because of the span condition. Please help.
index=abcd RecordType="'TestRecord'"
| search tname="'xyz'"
| eval rtime=rtime/1000
| eval success = if (rtime < 5, 1, 0)
| timechart span=1d count as total,sum(success) as success,avg(rtime) as average_rtime
| eval average_rtime=round(average_rtime,2)
| eval success_rate = round(((success) /total)*100,2)
| bucket _time span=1d | convert ctime(_time)
| chart avg(success_rate) over average_rtime by _time
| rename NULL as success_rate