I have a query below that produces the sum of bandwidth used by remote intermediate forwarders. The output give me a simple linear output with sum by host.
index=_internal metrics thruput site-hub 11001 host=server0* | stats sum(kb) by host
What I am trying to get without success is to aggregate/subtotal the output by locations (not currently an index field) so that I can produce a graph by location rather than a graph by host.
↧