is there a way to search for more than 1 eventtype for a single host and display the same in a stats table
fields available are
eventtype= eg disk full, disk crash, cpu high
need to display all hosts which have more than 1 eventtype .eg a hostname with both cpu high and disk full
Perhaps something like this?
index=foo | stats dc(eventtype) as eventCount by hostname | where eventCount > 1 | table hostname eventtype