we have a dashboard panel which shows overall AV compliance % for windows servers.code is as below.
--------------------------------------------------------------------------------------------------------------------------------------------------
index=dbconnect sourcetype=dbconnect:sql:SCCM_AVCompliance_AllServers
| table Name DC OU ResourceID SignatureUpTo1DayOld AntivirusSignatureAge AntivirusSignatureUpdateDateTime AntivirusSignatureVersion
| rename Name as host
| join host
[| inputlookup elixpediadashboardservers.csv
| search (host="*") Environment="*"
| search "Operating System"=WINDOWS]
| append
[| inputlookup elixpediadashboardservers.csv
| search (host="*") Environment="*"
| search "Operating System"=WINDOWS]
| dedup host
| fillnull AntivirusSignatureAge Value=2
| eval Compliance=if(AntivirusSignatureAge==0 OR AntivirusSignatureAge==1 ,"COMPLIANT","NONCOMPLIANT")
| stats count(eval(Compliance=="COMPLIANT")) as compliant, count(eval(Compliance=="NONCOMPLIANT")) as noncompliant, count as total
| eval AVUpdateCompliance=round((compliant/total)*100,2)
| table AVUpdateCompliance
----------------------------------------------------------------------------------------------------------------------------------------------
Now customer requirement is to add a filter on top of this panel which shows last 4 months like
January 2019
December 2018
November 2018
October 2018
and this filter has already been created.
My query is...
How do i pass month as a token in my query so that if user select November 2018 from dropdown then panel should show AV % compliance only for November month.
Any help would be highly appreciable.
Thanks
↧