I am going to accept this answer as it got me closer to my goal, but I had to do some major reworking to get it to work.
The query above does not apper to give me any different results that what I get without the eventstats commands.
However, if I do the eventstats BEFORE the chart command and chart the correct value, I get what I was looking for.
Here is my final query:
index=* sourcetype=my-csv |
stats count(Signal) as bySignal by StationName,Signal |
eventstats sum(bySignal) as SumofCount by StationName |
eval PercofCount = (bySignal/SumofCount)*100 |
chart sum(PercofCount) over Signal span=3 by StationName
If you do a "table StationName,Signal,SumofCount,PercofCount" instead of the chart command you will see what is happening.
One note: "Signal" is not continuous, but is a range of whole integers from 0 to -101.
Basically, eventstats added the "SumofCount" metric to each line of the base table (where it is count per Signal value) just as advertised. Then you can do the eval statement to get the percentage for each Signal value for each StationName, and finally chart the SUM of the PercofCount for Signal binned in 3db bins.
Thanks!
... View more