Every minute the file gets updated with new values, as you can see below.
index="new_tor" "Destination to Source negative jitter Number/Sum/Sum2"
This returns the below results:
8/27/15 8:54:15.512 AM Destination to Source negative jitter Number/Sum/Sum2: 103/106/112
8/27/15 8:53:15.496 AM Destination to Source negative jitter Number/Sum/Sum2: 199/206/220
8/27/15 8:52:15.496 AM Destination to Source negative jitter Number/Sum/Sum2: 108/109/111
Now I want to make a timechart for Sum, so my search query is:
index="new_tor" "Destination to Source negative jitter Number/Sum/Sum2" | rex "(?<Number>\d\d)\/(?<Sum>\d\d)\/(?<Sum2>\d\d)" | timechart span=1min values(Sum) as Jitter-Sum | sort - _time | head 10
And I see the below results. The values I would expect to see would be 106, 206, 109.
_time Jitter-Sum
2015-08-27 08:54:15
2015-08-27 08:53:15 75
2015-08-27 08:52:15 59
Any idea where I am making a mistake?