| eval RESULT = round(RESULT, 2)
| eventstats count as total
| eventstats count by RESULT
| stats values(count) as count, values(total) as total by RESULT
| eval probability = count/total
| sort 0 RESULT
| streamstats last(RESULT) as Prior_RESULT window=1 current=false
| fillnull value=0
| eval diff = RESULT - Prior_RESULT
| accum diff
| accum probability
| table diff, probability
NeroCube
commented
3 years ago