Greetings,
I am trying to replicate the dashboards found in the Tenable PVS environment. First, this is the dash I am after:
![alt text][1]
Note the IPs are top 10 and the colors are the severity.
From the data, I have this chart, which I think gets me close, but for it to work I would have to sort by Critical, then by High, then Medium, etc., and then take the top 10 IP addresses.
```
index=pvs
| chart count(eval(PVS_risk="CRITICAL")) AS CRITICAL,
        count(eval(PVS_risk="HIGH")) AS HIGH,
        count(eval(PVS_risk="MEDIUM")) AS MEDIUM,
        count(eval(PVS_risk="LOW")) AS LOW,
        count(eval(PVS_risk="INFO")) AS INFO,
        count(eval(PVS_risk="NONE")) AS NONE
        by src
```
Can anyone offer any pointers or similar dashboards I may be able to leverage?
BTW, I have the PVS app configured and all the dashes displaying, but I wanted to get ALL of the PVS dashboards into Splunk.
Thanks!
[1]: https://answers.splunk.com/storage/attachments/128259-pvs1.png
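
The ordering described in the question (Critical first, then High, then Medium, and so on, keeping ten hosts) can be expressed by appending a multi-field `sort` to the posted search. This is an added example, not part of the original post; it reuses the index and field names from the query above and has not been run against PVS data.

```spl
index=pvs
| chart count(eval(PVS_risk="CRITICAL")) AS CRITICAL,
        count(eval(PVS_risk="HIGH")) AS HIGH,
        count(eval(PVS_risk="MEDIUM")) AS MEDIUM,
        count(eval(PVS_risk="LOW")) AS LOW,
        count(eval(PVS_risk="INFO")) AS INFO,
        count(eval(PVS_risk="NONE")) AS NONE
        by src
| sort 10 -CRITICAL, -HIGH, -MEDIUM, -LOW, -INFO, -NONE
```

`sort` compares the fields left to right, so HIGH only decides the order among hosts with the same CRITICAL count, and the leading `10` keeps the first ten rows. Rendered as a stacked bar chart, each `src` becomes one bar split by severity.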