Hi
I have the following search which displays the sum of a field, but I am trying to put a time chart in hourly which shows the sum of that particular hour.
…..My Search……| rex "value(?\d+.\d+)" | stats count by amount |stats sum(amount) as total
How to modify my search to display the hourly count?
Any help or Suggestions?
↧