Hi all
This might be very straight forward, but i cant get my head around it, so i hope someone is able to help me out.
The task is to show every hostname with a value greater than 5 on failedpct.
This is my search:
sourcetype=stats | stats first(customername) as customer, last(monPingGWCheck) AS upstatus, count, count(FailedModulesString) AS failedcount by hostname | eval failedpct=failedcount/count*100 | eval failedpct=if(upstatus == 1, failedpct, 0) | sort customer, -failedpct | table customer, hostname, upstatus, count, failedcount, failedpct
Any suggestion?
