Okay. It looks like it is getting closer.
I am using the following:
source="/zones/COP1/root/var/svc/log/application-ucop-topcop-pub:default.log" | rex field=messages_read "total/interval/max=?\d+\/(?d+)\/" | timechart span=1h avg(interval) AS avgInterval
On the Statistics tab there is a _time column and a avgInterval column, but there is nothing listed in the avgInterval column. Would I expect to see a number in that column, equating to an average of all the results for an hour?
Much appreciated!
... View more