Hey
I'm trying to present this search over time, but without success. I tried to use buckets and to add by _time, but it doesn't work. Can you pls assist? Thanks.
The search is:
sourcetype=clientlogs ApplicationIdentifier=AndroidTrader ActionString=#5_Login_User Mode=Real
| iplocation IPAddress
| search Country=China
| stats count as TotalLogins
| appendcols [search sourcetype=clientlogs ApplicationIdentifier=AndroidTrader Mode = Real ActionString="#5_Login_User" StatusDetails = "[justified]"
| iplocation IPAddress
| search Country=China
| stats count AS JustifiedErrors
| appendcols [search sourcetype=clientlogs ApplicationIdentifier=AndroidTrader Mode = Real ActionString="#5_Login_User" StatusID=OK
| iplocation IPAddress
| search Country=China
| stats count AS success ]
| eval OverallSuccess = JustifiedErrors + success ]
| eval Success_Ratio%=((OverallSuccess/TotalLogins)*100)
| table OverallSuccess TotalLogins Success_Ratio%
... View more