Does anyone have a search to create either a timechart or a table with the notable event times by hour? I want to create a list of the busiest times our notables come in by urgency, i.e. 5 10 lows at 9:00, 11 lows at 10:00, 5 mediums at 9:00, 7 mediums at 10:00, etc.
This search works, but only for the last 24 hours:
| `es_notable_events` | search timeDiff_type=current | timechart minspan=1h sum(count) as count by urgency
I'd like to do an average number of tickets per hour of the day going back at least 30 days.
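One way to turn the 24-hour search above into an average per hour of day, as an added example that is not part of the original post: it keeps the `es_notable_events` macro, the `timeDiff_type=current` filter and the `count`/`urgency` fields exactly as the question uses them, and assumes the search time range is set to the last 30 days in the time picker. The fixed `span=1h` buckets plus `fillnull value=0` matter: without them, days on which an hour had no notables would be missing from the average instead of counting as zero, which inflates the result.

```spl
| `es_notable_events`
| search timeDiff_type=current
| timechart span=1h sum(count) as count by urgency
| fillnull value=0
| untable _time urgency count
| eval hour=strftime(_time, "%H")
| stats avg(count) as avg_per_hour by hour urgency
| xyseries hour urgency avg_per_hour
```

The result is one row per hour of day (00 to 23) with a column per urgency; drop the final `xyseries` if you prefer the long `hour urgency avg_per_hour` table. Hours follow the timezone of the user running the search, since `strftime` formats `_time` in that timezone.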