Hi,

I have a first dashboard with this query:

index=ind  hostname=* (cat_name=success OR cat_name=failed) service=*
| eval site=substr(DeviceName,1,7) + substr(DeviceName, -4)
| stats values(cat_name) as status by mac service site
| where mvcount(status)=1 and status="failed" and service="x"
| dedup mac
| stats count by site

In the result I have a count of only "failed" by site. If I click on a count, I go to another dashboard that shows some informations for the specific site. This is the second dashboard query:

index=ind  hostname=* (cat_name=success OR cat_name=failed) service=*
| eval site=substr(DeviceName,1,7) + substr(DeviceName, -4)
| stats values(cat_name) as status by mac service site
| where mvcount(status)=1 and status="failed" and service="x"
| dedup mac
| search site="$token$"
| dedup mac  
| table site mac status ip dest

The problem is that I have not results for ip and dest, I think beacause I lost them after stats command. Can you help me???

Thanks in advance