Solved: Re: I am trying to create a report for displaying ...

sabithanitg · ‎04-20-2015

create a report for displaying number of times, replacement of printer supply unit in 1 year, by calculating when the supply level is zero, and by IP.

aweitzman · ‎04-20-2015

Without knowing what your data looks like, this suggestion will make some obvious assumptions about your events:

source=printersupplyunits | stats count(eval(supplylevel=0)) as count by IP

Where printersupplyunits is the source of your events, IP is the IP address of each event, and supplylevel represents the supply level at the time of the event.

View solution in original post

aweitzman · ‎04-20-2015

Without knowing what your data looks like, this suggestion will make some obvious assumptions about your events:

source=printersupplyunits | stats count(eval(supplylevel=0)) as count by IP

Where printersupplyunits is the source of your events, IP is the IP address of each event, and supplylevel represents the supply level at the time of the event.

I am trying to create a report for displaying number of times, replacement of printer supply unit in 1 year, by calculating when the supply level is zero, by IP. Is there any one to help on this?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?