I am trying to create a search that will give a table displaying counts for multiple time_taken intervals. For example I want to display the counts for calls with a time_taken of 0, time_taken between 1 and 15, time_taken between 16 and 30, time_taken between 31 and 45, time_taken between 46 and 60.......time_taken greater than 300.
Here is the search I have been playing around with to no avail:
|stats avg(time_taken) as Scenario count(eval(time_taken =0)) as Count | eval Scenario = "Calls returning in 0 time"
|appendpipe [stats count(eval(time_taken > 0 AND time_taken <= 15)) as Count | eval Scenario = "Calls returning between 1 and 15 time"]
|appendpipe [stats count(eval(time_taken > 16 AND time_taken <= 30)) as Count | eval Scenario = "Calls returning between 16 and 30 time"]
|appendpipe [stats count(eval(time_taken > 31 AND time_taken <= 45)) as Count | eval Scenario = "Calls returning between 31 and 45 time"]
|appendpipe [stats count(eval(time_taken > 46 AND time_taken <= 60)) as Count | eval Scenario = "Calls returning between 46 and 60 time"]
|appendpipe [stats count(eval(time_taken > 61 AND time_taken <= 100)) as Count | eval Scenario = "Calls returning between 61 and 100 time"]
|appendpipe [stats count(eval(time_taken > 101 AND time_taken <= 200)) as Count | eval Scenario = "Calls returning between 101 and 200 time"]
|appendpipe [stats count(eval(time_taken > 201 AND time_taken <= 300)) as Count | eval Scenario = "Calls returning between 201 and 300 time"]
|appendpipe [stats count(eval(time_taken > 300)) as Count | eval Scenario = "Calls returning more than 300"]
... View more