Why Rename your Fields in Splunk

Posted by David Veuve - 2011-07-27 13:01:08
A piece of advice for those starting out in Splunk:

Always Rename Your Fields

It's slightly more accurate to say "always rename your fields after aggregation functions (e.g., stats, timechart)" but that lacks the zing.

Why is this so important? The biggest reason is that it will just consistently make your life easier. If your search is as simple as this:

sourcetype="applog" | timechart span=1d sum(ProcessingTime) by host

Then sure, no problem -- name them whatever you like.

But if your search takes another step in complexity and you want to do some math, you run into issues, because eval will try to treat sum(ProcessingTime) as a function call rather than as the field name that stats produced:

sourcetype="applog" | bucket _time span=1h | stats sum(ProcessingTime) by host, _time | eval ProcessingTimeInMinutes=sum(ProcessingTime)/60

You'll have more success with:

sourcetype="applog" | bucket _time span=1h | stats sum(ProcessingTime) as SumProcessingTime by host, _time | eval SumProcessingTimeInMinutes=SumProcessingTime/60

And if you start doing some Summary Indexing without using the sistats method, you'll find yourself spending time looking through the raw data to discover that Splunk has decided to store your field as sum_ProcessingTime_.

Finally, when you're presenting data to a user, rename those fields too. No business user wants to see AvgSumProcessingTime. Toss on a | rename AvgSumProcessingTime as "Average Time Spent Processing Per Hour" and your report will get more use, and you'll get fewer questions.
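Putting the three pieces together (rename after stats, do math on the renamed field, rename again for the reader), here is an added example search that is not from the original post. It assumes the same applog sourcetype with ProcessingTime in seconds, rolls the hourly sums up into one row per host, and drops the intermediate fields so the business user only sees the friendly names:

```spl
sourcetype="applog"
| bucket _time span=1h
| stats sum(ProcessingTime) as SumProcessingTime, count as EventCount by host, _time
| stats avg(SumProcessingTime) as AvgSumProcessingTime, max(SumProcessingTime) as MaxSumProcessingTime, sum(EventCount) as TotalEvents by host
| eval AvgSumProcessingTimeInMinutes=round(AvgSumProcessingTime/60, 2), MaxSumProcessingTimeInMinutes=round(MaxSumProcessingTime/60, 2)
| fields - AvgSumProcessingTime, MaxSumProcessingTime
| rename host as "Host", AvgSumProcessingTimeInMinutes as "Average Time Spent Processing Per Hour (min)", MaxSumProcessingTimeInMinutes as "Busiest Hour (min)", TotalEvents as "Events"
| sort - "Average Time Spent Processing Per Hour (min)"
```

Every downstream command refers to a name you chose (SumProcessingTime, AvgSumProcessingTime), so none of them has to guess how stats or eval spelled the field.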

So try making a field rename part of your standard practice while building stats and timechart commands. It will take longer to type and make your queries longer, but I promise it will be worth it in the end.