I imagine this is a common use case, but I just have yet to be able to wrap my mind around getting the search string to give me what I want. I have two fields: **hostname** and **ap_loc**. I can table the field values to show me which access point a device was associated with at a specific time; however, I'm looking at trying to display this information in something different than a stats table... something like a line or timechart that shows over the span of 10m how a device moved throughout the network. I just have not been able to get anything other than a table to chart the two values to where they can be visualized other than a table.
Example search string that returns the desired information:
index = syslog_aerohive sourcetype = syslog hostname=* | lookup accesspoint access_point | table _time, hostname, ap_loc | sort -_time
Any suggestions?