To use charts, the search query must produce aggregate results. To get them, use a group or aggregate operator.
Another possibility is that your data may be a string data type instead of a number. Most aggregate operators will cast your data to a number, but operators like first and last do not. You can cast your data to a number if needed using the "num" operator.
Example:
_sourceCategory=concierge completed execution
| parse "Execution duration: * s" as duration
| timeslice 5m
| first(duration) as duration by _timeslice
| num(duration) | sort by duration
More information on aggregate operators can be found here: https://help.sumologic.com/05Search/Search-Query-Language/aaGroup