Hi,

As part of my search, I'm building some strings with eval and assigning variable to it. I want to use these built strings to be the text displayed as the timechart fields. It would be something like this:

      <query>index=ecevt2 source=128_distribution 

| eval bucket1_start=round(min_balance,0)
| eval bucket1_end=round(min_balance+range)
| eval bucket1=tostring(bucket1_start). "-" .tostring(bucket1_end)
| eval bucket2_start=round(bucket1_end,0)
| eval bucket2_end=round(bucket1_end+range)
| eval bucket2=tostring(bucket2_start). "-" .tostring(bucket2_end)
| eval bucket3_start=round(bucket2_end,0)
| eval bucket3_end=round(bucket2_end+range)
| eval bucket3=tostring(bucket3_start). "-" .tostring(bucket3_end)
| eval bucket4_start=round(bucket3_end,0)
| eval bucket4_end=round(bucket3_end+range)
| eval bucket4=tostring(bucket4_start). "-" .tostring(bucket4_end)
| eval bucket5_start=round(bucket4_end,0)
| eval bucket5_end=round(bucket4_end+range)
| eval bucket5=tostring(bucket5_start). "-" .tostring(bucket5_end)
| fields bucket1
| timechart span=3m max(value1) as bucket1, max(value2) as bucket2, max(value3) as bucket3, max(value4) as bucket4, max(value5) as bucket5

So, instead of showing "bucket1" as the text of the field for value1 in timechart, I would like to have the constructed string done with eval (tostring(bucket1_start). "-" .tostring(bucket1_end)).

Is there any way to achieve that?

Many thanks