Why stats command return only one specified platfo...

kacel · ‎07-01-2019

| inputlookup Obso_Inventory.csv | eval Compo=case(Composant="WAF", "LBWAF", Composant="LOAD BALANCER", "LBWAF", Composant="PROXY", "Browsing", Composant="FIREWALL", "Firewall", Composant="GATEWAY SSL", "Remote Access", Composant="GATEWAY SSL VPN", "Remote Access", Composant="IPS", "Anti-Intrusion", Composant="TAP", "Anti-Intrusion")      | rename Compo as Composant | search Composant="Firewall"  Editeur="*" Metier="*" Platform="*" Parent="*"
| stats count  as allFW , dc(Parent) as VSX_Instance

renjith_nair · ‎07-01-2019

@kacel,

Try adding a by clause in your stats

| inputlookup Obso_Inventory.csv 
| eval Compo=case(Composant="WAF", "LBWAF", Composant="LOAD BALANCER", "LBWAF", 
                  Composant="PROXY", "Browsing", Composant="FIREWALL", "Firewall", Composant="GATEWAY SSL", "Remote Access",
                  Composant="GATEWAY SSL VPN", "Remote Access", Composant="IPS", "Anti-Intrusion", 
                  Composant="TAP", "Anti-Intrusion") 
| rename Compo as Composant 
| search Composant="Firewall" Editeur="*" Metier="*" Platform="*" Parent="*"
| stats count as allFW , dc(Parent) as VSX_Instance by Platform

---
What goes around comes around. If it helps, hit it with Karma 🙂

Why stats command return only one specified platform field and not all of them

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

Why stats command return only one specified platform field and not all of them

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...