Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question
Solved! Jump to solution

Question about search

nebel
Communicator
โ€Ž07-06-2012 02:12 AM

Hi,

I built a search like this

sourcetype=firewall rule=100 | search drop OR accept | head 1

This shows my only the last event (drop or accept).

Now I want to visualize with a colored single value field. For "drop" it should going red, for accept it should going green.

How can I realize that?

Thank you very much!

Regards

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution

Drainy
Champion
โ€Ž07-06-2012 06:40 AM

Further to Ayns answer, you don't need to do a | search after your searchterms, they are all search terms. Just do a sourcetype=firewall rule=100 drop OR accept | head etc

0 Karma
Reply