Form the result of a asearch i get field status- success & failed, i need to show the count of success and failed
search= .....|stats count by server status
what it is:
server status count
server1 success 5
server1 failed 2
What i need:
server success failed
server1 5 2
Thanks for the answer! In the search i'm using the lookup, i need to get the NULL if there are no Logins at all
search i'm using:
index=abc .... |eval login=if(duration>10,"success","fail")|join type=outer server[|inputlookup IP.csv rename "IP Address" as server]|search "Owner"="xyz"|eval login=if(isnull(login) OR login="","No Logins",login)|chart count by server login
with this search i can only see the results which has success OR failed
In the lookup i have server's which will not have any of logins, for that i need to show "No logins'' in both success and failed fields. Can you help me with that?
index=abc .... |search "Owner"="xyz" |eval login=if(duration>10,"success","fail") | chart count by server login | append [|inputlookup IP.csv |search "Owner"="xyz" | rename "IP Address" as server | table server ] | stats values(*) as * by server | fillnull value="No Logins"