I am running the following query
index=security sourcetype=WeatherUnderground | eval Date=strftime(_time,"%m/%d/%y") |stats latest("current_observation.precip_today_in") as DailyRainfall by Date | table Date, DailyRainfall
And it produces data as it is supposed to, showing me the daily totals of rainfall. I want to ultimately create a table that is the SUM of the daily rainfall for each day in the month and then display it as a MonthYear , MonthlyTotal.
I have tried using the bin command to group by month after the stats and I have also tried to extract the month after I run the above query with a pipe to eval MonthYear=strftime(_time,"%B %Y") but the data doesn't show up. How can I turn this data into a table of monthYear , monthlyTotals? Attached is the current query and results. Thank you.![alt text][1]
[1]: /storage/temp/137211-rainfallquery.jpg
↧