Hello,
Is there a way I can merge these two searches into a single conditional search?
index="webs" (process_resource>0) AND (subs_id>0)| bucket _time span=1h |stats distinct_count(process_id) as NumProcesses by _time
index="webs" (process_resource==0) AND (subs_id>0)| bucket _time span=1h |stats distinct_count(process_id) as NumProcesses0 by _time
... View more