I have a field with event IDs. Some of the IDs indicate an issue, while some of them indicate the opposite.
eventid=1 MalwareScanDown
eventid=2 MalwareScanUp
Eventid=3 SystemOffline
EventID=4 SystemOnline
EventID=5 PolicyUpdateFail
EventID=6 PolicyUpdateSuccuess
I want to create a pie chart that shows systems that have a latest status of good, or bad.
Is there a way to group the results of eventID=2,4,6 into a new field called good. Likewise, is there a way to group eventid 1,3,6 into a new field called bad?
↧