Thanks, but getting an error.

So I fixed the bin command I believe it needs to be used as bin _time span=1mon, when I fix that. It doesn't like my TimePeriod (which is a field (%F) in my data:

|eval Owner=ProductName| bin _time span=1mon TimePeriod| stats sum(Cost) as Total by Owner TimePeriod| eval Total=Total(round,2)| chart values(Total) over TimePeriod by Owner

Error in 'bin' command: Invalid argument: 'TimePeriod'

Just make it bin span=1mon _time and do the stats and chart using _time instead of TimePeriod.

You know I started changing things over to that, but said "well _time has nothing to do with my TimePeriod, so I bailed.. but.. okay. So closer 🙂

If I keep it as is just replacing the TimePeriod with _time, it has a hard time with my total change to 2 decimal points and crys

|eval Owner=ProductName| bin span=1mon _time | stats sum(Cost) as Total by Owner _time | eval Total=Total(round,2)| chart values(Total) over _time by Owner

Error in 'eval' command: The 'total' function is unsupported or undefined.

Now I remove ; eval Total=Total(round,2) , which I really can't do, numbers are just too long with out it.

This looks right, other than the 2 decimals and the _time is including hours and offset,

|eval Owner=ProductName| bin span=1mon _time | stats sum(Cost) as Total by Owner _time | chart values(Total) over _time by Owner

Now i see time reference like 2018-10-01T00:00:00.000-7:00 That's a bit long, would like it just to be 2018-10-01 or (%F)

But it's closer than I've been able to get so far 🙂

It’s | eval Total= round(Total,2)

My bad I didn’t realize while typing .

HAH a bit of work but I'm dancing, needed to add the eval_time to change the format and your correction on my 2 decimal point fixed that piece. So yes !!!!!

|eval Owner=ProductName| bin span=1mon _time | eval _time = strftime(_time,"%F") | stats sum(Cost) as Total by Owner _time | eval Total= round(Total,2)| chart values(Total) over _time by Owner

Thank you for working it through with me, def the right pointers!