Update REST search

Splunk SmartStore Migration.md

@@ -128,13 +128,16 @@ Additional Splunk Searches:
 | sort start_epoch
 | eval Duration = end_epoch - start_epoch, Duration = tostring(Duration, "duration")
 | convert timeformat="%F %T %Z" ctime(start_epoch) AS Start ctime(end_epoch) AS End 
-| fields - *_epoch 
 | eval Completed = round(current_job/total_jobs,4)*100, End = if(isnull(End), "N/A", End), status = case( status=="running", "Running", status=="finished", "Finished", true(), status )
-| eventstats count AS rc sum(eval(Completed/3)) AS overall 
+| eventstats sum(eval(Completed/3)) AS overall 
 | eval overall = round(overall,2)
 | fields splunk_server Start End Duration status total_jobs current_job Completed overall 
 | rename splunk_server AS "Splunk Indexer" status AS Status current_job AS "Current Job" total_jobs AS "Total Jobs" 
-| appendpipe [ | stats count BY overall | rename overall AS Completed | fields Completed] 
+| appendpipe [ 
+    | stats count BY overall 
+    | eval "Current Job" = "Overall Completion" 
+    |  rename overall AS Completed 
+    | fields Completed "Current Job"] 
 | fields - overall
 | eval Completed = Completed . "%"
 ```