its not extracting the whole data ... View more

Hi , Thanks for the response! Please find the details below filename -BackupJobSummaryReport_2024-07-07-08-00-06 ( it will be in incremental order based on date) path - C:\Users\_svcAPACCommVault01\OneDrive - Lendlease\Desktop\csv\*.csv column separator,-   Client,Host Name,Total Jobs,Completed,Completed with errors,Completed with warnings,Killed,Unsuccessful,Running,Delayed,No Run,No Schedule,Committed,Size of Application,Compression Rate,Data Written,(Space Saving Percentage),Start Time,End Time,Protected Objects,Failed Objects,Failed Folders sourcetype - backup index - acn_lendlease_commvault ... View more

please post the solution ... View more

Hi , I have added the config details already  , still data is not coming ... View more

Hi bowesmana Thanks for the efforts we have data sets index=acn_lendlease_certificate_tier3_idx tower=Self_Signed_Certificate | stats latest(tower) as Tower, latest(source_host) as source_host , latest(metric_value) as "Days To Expire", latest(alert_value) as alert_value, latest(add_info) as "Additional Info" by instance | eval alert_value=case(alert_value==100,"Active",alert_value==300,"About to Expire", alert_value==500,"Expired") | where alert_value="About to Expire" | search Tower="*" AND alert_value="*" | sort "Days To Expire" | rename instance as "Serial Number / Server ID", Tower as "Certificate Type" , source_host as Certificate , alert_value as "Certificate Status" here i am trying to add one more coulmn called incident  To extract the incident details with respect to certificate values If inc is available , then it should display numbers, orelse null To extract the INC, using the below query   index=acn_ac_snow_ticket_idx code_message=create uid="*Saml : Days to expire*" OR uid="*Self_Signed : Days to expire*" OR uid="*CA : Days to expire*" OR uid="*Entrust : Days to expire*" | rex field=_raw "\"(?<INC>INC\d+)," | rex field=uid "(?i)^(?P<source_host>.+?)__" | table INC uid log_description source_host | dedup INC uid log_description source_host | rename INC as "Ticket_Number"   ... View more

yes ... View more

yes  I have created regex to extract incident details and source host ... View more

Thanks!!  Its working ... View more

Thanks for your response! I got the query I index  | timechart span=1d sum(abc) as total by xyz | eval day=lower(strftime(_time,"%A")) | where day=="monday" | fields - day ... View more

still its not working ... View more

Its throwing an error    ... View more

I want to show data for every monday on weekly basis   ... View more

may i know the exact answer Please ... View more

Hi   I want to change font size label (to bold) in pie chart please help me with code       ... View more