How to count for each host

incoghnito_1 · ‎12-08-2021

Hi every one
I have some difficulty to count my consumedHostUnits
I have this commande :

index="dynatrace_hp" | search endpoint="infrastructure/hosts" | stats distinct_count(discoveredName) count(consumedHostUnits) by "managementZones{}.name" | search "managementZones{}.name"="[Env]*"

But the results d'ont returne the good information

( i would like to have the total consumedhostUnis for all the host in a managementZone)

Thx for you Help !

incoghnito_1 · ‎12-08-2021

Thx for help
Data is like this several time

{
   agentVersion: {
   }
   bitness: 64bit
   consumedHostUnits: 2
   cpuCores: 4
   customizedName: Incoghnito
   discoveredName: Incoghnito
   displayName: Incoghnito
   endpoint: infrastructure/hosts
   entityId: Incoghnito
   esxiHostName: Incoghnito
   firstSeenTimestamp: 1628511931970
   fromRelationships: {
   }
   hostGroup: {
   }
   hypervisorType: VMWARE
   ipAddresses: [
   ]
   lastSeenTimestamp: 1638953598701
   logicalCpuCores: 4
   managementZones: [
   ]
   monitoringMode: FULL_STACK
   networkZoneId: default
   oneAgentCustomHostName:
   osArchitecture: X86
   osType: LINUX
   osVersion:Incoghnito
   tags: [
   ]
   timestamp: 1638953598
   toRelationships: {
   }
   userLevel: NON_SUPERUSER
   vmwareName:Incoghnito
}

isoutamo · ‎12-08-2021

Hi
can you post example data, so we can help you?
r. Ismo

How to count for each host

count

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

How to count for each host

count

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR