Greetings,
I have saved search (alerts) like this:
I know that each of these saved alert which is alert can be visualized dependently. Is it possible to combine these saved search (alert) in one visualization and one search?
For example:
1. I want to make a search that contains count from all triggered alert (all saved search), the table or statistic should look like this
Field | triggered count |
Saved Search 1 (Alert 1) | 3 |
Saved Search 2 (Alert 2) | 4 |
and so on.
2. From that search, I want to visualize it, like a pie chart, so it will like this:
Saved Search 1 = 20%
Saved Search 2 = 30%
and so on.
Thanks in advanced
See if | rest /servicesNS/-/-/alerts/fired_alerts/- gets you started.
Hi @richgalloway ,
Should I type that command on the new search or in the saved search?