dns, nt_host, ip, owner, bunit, category, last
servera.mydomain.com,servera,1.1.1.1,Mark,groupa,linux,6/1/2016 12:08:34
serverb.mydomain.com,serverb,1.1.12,Brian,groupb,windows,,
I can't tell if I'm on the right track or not, I've built the query out to this, but I'm not getting a return for the field count
| inputlookup my_assets.csv | eval hasvalue=if(isnotnull(last),"yes","no") | stats sum(hasvalue=yes) as count by bunit | eventstats sum(hasvalue=no) as total | eval percent = round(count/total,2)
... View more