Hi
I have the following search query which shows the output as shown below,as you can see the issue is the linegraph is a flat one when the values are actually different,can anyone provide guidance what is wrong here and how to fix it?
| makeresults
| eval _raw="{
\"entry\" : [{
\"Analyze.Count\":\"100\",
\"Analyze.Screen\":\"100\",
\"Analyze.Investigate\":\"101\",
\"Analyze.Review\":\"103\",
\"_time\": 1556668713
}, {
\"Analyze.Count\":\"700\",
\"Analyze.Screen\":\"800\",
\"Analyze.Investigate\":\"801\",
\"Analyze.Review\":\"803\",
\"_time\": 1556683685
},{
\"Analyze.Count\":\"200\",
\"Analyze.Screen\":\"1000\",
\"Analyze.Investigate\":\"1001\",
\"Analyze.Review\":\"1003\",
\"_time\": 1556683885
},{
\"Analyze.Count\":\"50\",
\"Analyze.Screen\":\"800\",
\"Analyze.Investigate\":\"801\",
\"Analyze.Review\":\"803\",
\"_time\": 1556682885
}]
}"
| spath
| fields - _raw _time
| mvexpand entry{}._time
| rename entry{}.* as *
| timechart min(*) AS * max(*) AS *
CURRENT OUTPUT:-
1 Solution
