Hey community,
Browsed a lot of posts, but did not find any answer to my problem...
I have a sourcetype that gives me this kind of result for a row. Here are 3 examples:
_time=2019-09-25T15:40:34.000+02:00,UP=45,WARN=12,DOWN=5
_time=2019-09-25T15:41:34.000+02:00,UP=43,WARN=14,DOWN=3
_time=2019-09-25T15:42:34.000+02:00,UP=45,WARN=12,DOWN=3
UP, WARN and DOWN values are a count of "status" (UP, WARN and DOWN) at _time (these results are retrieved through a REST API sourcetype, so I cannot change anything at the indexing level).
I would like to build a graph showing "status" by _time.
Unfortunately, it seems that a timechart can only be built based on some count() or avg() or sum() ... etc but since my values are already a count, what can be my options here? All my tries led to displaying incorrect data :-(
Thank you in advance!