Hi
I use the search below in order to catch a field called "flag_patch_version" from a csv file called "patchlevel.csv"
| inputlookup host.csv
| lookup patchlevel.csv "Computer" as host
| stats count by host flag_patch_version
| where isnotnull(flag_patch_version)
| rename host as Hostname, flag_patch_version as "Current Patch level"
| fields - count
| table Hostname "Current Patch level"
| sort +"Current Patch level" limit=10
I have a second csv file called "patch_in_late.csv" you can see in https://www.cjoint.com/c/IGxhVGCNdNb
What I need is to add a column called "patch_in_late_count" in my main search which compare the current patch level of a specific hostname to the current patch level in "patch_in_late.csv"
The syntax of the patch level is W10P**041**.$w$
The number in bold is incremented every month with + 1
If for July, the patch level is W10P**041**.$w$, it will be W10P**042**.$w$ for august
By comparison, I mean that I need to count the number of patch in late between the 2 data sources for the current month
Example:
Imagine that the current patch level for a specific machine is W10P041.$w$ and the patch level for the current month is W10P045.$w$ in "patch_in_late.csv", then I need to display in "patch_in_late_count" colum the difference between the two patches, that is to say 4 (45 - 41)
Is anybody can help me on this complex development please??
↧