Hi folks,
Right now I have a saved search the assigns an asset count of how many computers we have into a keyword/value, eg asset_count = 47.
I want to use that saved search to use as a variable for other searches in dashboards, so I can see a percentage of how many systems need patches, etc, using it as a divisor in an eval statement.
What is the correct method for using this search? I've read a lot of the documentation here but I am not sure I am approaching it correctly.
You'd have that search write its output into a lookup. See http://blogs.splunk.com/2011/01/11/maintaining-state-of-the-union/ for inspiration.
You'd have that search write its output into a lookup. See http://blogs.splunk.com/2011/01/11/maintaining-state-of-the-union/ for inspiration.
Exactly what I was looking for. Great read!