I'm trying to find a way to return a list of hosts and then create a timechart of a metric for each of the hosts. Below is the attempt I made using the map command, but only the final result seems to display.
index=nix | dedup host | table host | map [search index=nix sourcetype=cpu host=$host$ cpu=All| eval pctCPU=(100 - pctIdle) | eventstats avg(pctCPU) as apctCPU, stdev(pctCPU) as sdev | eval threeSigma=(apctCPU + (sdev * 3)) | where pctCPU < threeSigma | timechart span=5m values(pctCPU)]
↧