Hi all!! I need some help... I currently have a search that looks at index volume by pool and that is emailed out daily:
index=_internal source=*license_usage.log type=Usage | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) by pool | convert ctime(_time) as Day | rename auto_generated_pool_enterprise AS Total | table Day, Total
And this works well... I was wondering if in the email I could add these two searches as separate tables contained in the one email alert? Or would they have to be separate emails?
The two I want to add are:
index=_internal source=*license_usage.log type=Usage | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) by st useother=false
And:
index=_internal source=*license_usage.log type=Usage | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) by i useother=false
You actually want to create a dashboard that has all three searches, and schedule the dashboard for PDF delivery.
NICE!!! Thanks very much!
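An added example, not part of the original thread: a Simple XML dashboard that puts the three searches from the question into three table panels, which can then be scheduled for PDF delivery from the dashboard's Export menu in Splunk Web. The label, the panel titles and the 7-day time range are assumptions; the queries are copied unchanged from the question.

```xml
<!-- Added example: one table panel per search from the thread. -->
<!-- Assumptions: label, panel titles and the -7d@d..@d time range are placeholders. -->
<dashboard>
  <label>License usage (example)</label>
  <row>
    <panel>
      <title>Daily GB, enterprise pool</title>
      <table>
        <search>
          <query>index=_internal source=*license_usage.log type=Usage | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) by pool | convert ctime(_time) as Day | rename auto_generated_pool_enterprise AS Total | table Day, Total</query>
          <earliest>-7d@d</earliest>
          <latest>@d</latest>
        </search>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Daily GB by sourcetype (st)</title>
      <table>
        <search>
          <query>index=_internal source=*license_usage.log type=Usage | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) by st useother=false</query>
          <earliest>-7d@d</earliest>
          <latest>@d</latest>
        </search>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Daily GB by indexer (i)</title>
      <table>
        <search>
          <query>index=_internal source=*license_usage.log type=Usage | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) by i useother=false</query>
          <earliest>-7d@d</earliest>
          <latest>@d</latest>
        </search>
      </table>
    </panel>
  </row>
</dashboard>
```

Each panel runs its own search with a fixed time range, so the scheduled PDF shows the same window in all three tables regardless of who last viewed the dashboard.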