When I run this search, everything runs fine, but I don't understand why my visualization tab does not populate. Does anyone have any idea what I might be doing wrong?
What I am trying to do is convert all the files into the most appropriate size and graph them.
```
eventtype=egress_* File_Type=*
| stats sum(Detail_File_Size) as sum_of_Data by File_Type
| eval Data_converted=case(
    sum_of_Data>=(1024*1024*1024*1024),round(sum_of_Data/(1024*1024*1024*1024),0)."TB",
    sum_of_Data>=(1024*1024*1024),round(sum_of_Data/(1024*1024*1024),0)."GB",
    sum_of_Data>=(1024*1024),round(sum_of_Data/(1024*1024),0)."MB",
    sum_of_Data>=1024,round(sum_of_Data/1024,0)."KB",
    1=1,sum_of_Data."B")
| table File_Type, Data_converted
```
![alt text][1]
[1]: /storage/temp/126271-capture.png