Hi,
I have a simple query where I am getting response times by host. I want to get the sum of hosts as a field. I have to use that field in Slack.
host=xxx* sourcetype=yyyyy | stats avg(time) by host
So I have tried to use eventstats, but that did not accept host as an argument. Any suggestions, please?