Solved: Dashboard

uagraw01 · ‎11-05-2020

As Per below screenshot, i getting results the difference between last week host and this week host count. But i want list of the difference servers in splunk search. How can i retreive the list of all 23 servers which arr having diffrence from last week count to this week count.

richgalloway · ‎11-05-2020

Try using

| stats dc(host) as Total_host, values(host) as Hosts by Week_Status

You'll also need to modify the stats commands that follow so they don't discard the Hosts field.

The last two lines of the query should be deleted because they add no value.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-05-2020

Try using

| stats dc(host) as Total_host, values(host) as Hosts by Week_Status

You'll also need to modify the stats commands that follow so they don't discard the Hosts field.

The last two lines of the query should be deleted because they add no value.

---
If this reply helps you, Karma would be appreciated.

uagraw01 · ‎11-08-2020

Yes, i get the solution. Thanks for the help

Dashboard

Other

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!