How to show chart FieldName by another FieldName?
I wanted to get a chart - SourceAddress by destinationAddress (i.e., SourceIP by destination_IP).
I get the error: There was a problem: Unknown aggregation function in the chart operator:sourceAddress
How can this be achieved? Are there any alternative ways or functions to get a chart by the desired fields? Or some function like values()?
e.g., <my search> | chart values(sourceIP) by destinationIP