The below search script successfully charts one table with two separate set of search results each has the individual columns. Trouble is, we need the column as merged into one column. Note that not each event type has a result, thus some of the events will have null entry.
Does anyone can light my way?
Thanks.
Here is the search script I am using.
eventType="event1"
| chart count(eval(time<4000)) as event1LessThan4Sec, count as TotalCount1 by siteID
| rename siteID as "ID for 1"
| eval SLAsMet1=event1LessThan4Sec/TotalCount1
| appendcols [ search eventType="event2"
| chart count(eval(time<2000)) as event2LessThan2Sec, count as TotalCount2 by siteID
| rename siteID as "ID for 2"
| eval SLAsMet2=event2LessThan2Sec/TotalCount2
]
... View more