Hi,
I have 4 event fields in a single line. Now I need to filter the top 200 events for a particular event field, which I can do by using " | top=200 ". My main problem is that in statistics and visualization it shows only the event and its count; I would like to have the remaining 3 event fields that come with the data.
In the table I would like to use a filter. Is it possible? Like ordering?
Thanks in advance.
host=PDT DataTag=HistoryData "Scanned_Network: .Channel"=44| top limit=200 "Scanned_Network: .SSID"
In statistics and visualization it provides only SSID, count, percentage. I don't want percentage; instead of that I want the other event fields. I would also like to know how to customize the visualization graph, for example, instead of count I would like to have an event field.
Try something like this
<your base search> [search <your base search> | top limit=200 fieldX | table fieldX] |...remaining search
The subsearch will eliminate other values of fieldX which are not part of top 200.
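The subsearch pattern from the answer above, written out with the field names from the question, as an added example that is not part of the original thread. It assumes the field names are exactly as shown in the question; because they contain spaces, they are double-quoted everywhere, including inside the subsearch.

```spl
host=PDT DataTag=HistoryData "Scanned_Network: .Channel"=44
    [ search host=PDT DataTag=HistoryData "Scanned_Network: .Channel"=44
      | top limit=200 showperc=false "Scanned_Network: .SSID"
      | table "Scanned_Network: .SSID" ]
| eventstats count AS ssid_count BY "Scanned_Network: .SSID"
| table _time "Scanned_Network: .SSID" "Scanned_Network: .Channel" ssid_count
| sort - ssid_count
```

The outer search returns full events for the top 200 SSIDs, so every extracted field is still available to `table`; `eventstats` attaches the per-SSID count to each event without collapsing the rows, and `showperc=false` drops the percentage column from `top`.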
Hi
host=PDT DataTag=HistoryData [ search host=PDT DataTag=HistoryData | top limit=200 Scanned_Network: .SSID | table Scanned_Network: .SSID]
It returns no results. I am sure there is data at all times.
My doubt is: when I use the top command, it will table only one field in statistics and visualization. How do I add other fields in statistics?
Can you provide your current search (before applying the top command)?