I am ruining a search to look for 7705 routers that has rebooted for loss of power. this is working well, but I wish to add to it "Old server 0.0.0.0" OR ("Jan 1") OR ("Dec 31") | eval hourx=strftime(_time, "%m-%d") | dedup CASCADE hourx | sort host| sort - host _time | chart count by host hourx where top100 I'd Like to add two Columns to my search the first is a sum of the past days TotalLast10 the second is number of days I had a hit DayswithHits I'd like it to look like this. I have been playing with addtotals eventstat and so far haven't had any luck not sure if this is possible with chart or if I'll need to scrap this approach Thanks Graham ... View more

I have a search that brakes down some router alarms . my fields are Host_IP & Alarm What I'm trying to do is filter for hosts that only take a specific alarm and do not have certain alarms. these are state changes . these alarms are SessionUp SessionDown SessionProtChange Im looking to isolate Hosts that only exhibit SessionUp alarm without having the usual SessionDown and SessionProtChange Thanks. ... View more