I get under the statistics, no results found when I made the selected changes.
index=network sourcetype=nessus severity!=informational (earliest=-120d@d latest=-90d@d+1d) OR (latest=-30d@d earliest=@d) dest_dns=hqw0prd1rebs61.ent.pbgc.gov
| dedup signature_id, dest_dns
| eval hostnamesplit=split(dest_dns,".")
| eval hostnamesplit=mvindex(hostnamesplit,0)
| lookup AssetTag.csv Asset as hostnamesplit OUTPUT BusinessUnit1 System1
| eval Combo=mvzip(BusinessUnit1, System1)
| fields - System1, BusinessUnit1
| mvexpand Combo
| makemv Combo delim=","
| eval BU1=mvindex(Combo,0)
| eval Sys1=mvindex(Combo,1)
| fields - Combo
| dedup hostnamesplit signature_id BU1 Sys1 | eval x=BU1."^".signature."^".Sys1."^".dest_dns."^".severity | rex field=x "(?<BU1>[^\^]+)\^(?<signature>[^\^]+)\^(?<Sys1>[^\^]+)\^(?<dest_dns>[^\^]+)\^(?<severity>[^\^]+)"
| stats values(month) as months by x
| where mvcount(months)=2
| fields - months
| rename Sys1 AS "System", signature AS "Signature", BU1 AS "Business Unit",dest_dns as "Host" severity as "Severity"
Is what my query is as of now.
... View more