Hi all,
I'm pretty new to Splunk and I'm trying out different things to challange myself. I completed the fundementals 1 course and started testing on some Linux systems. I'm trying to find unhealthy systems and sort them by "problem". That part works right now, but now I want to show the percentages of the problems.
index=Linux HCS "NOT OK" | table HCS host | search host="o*" host!="osas*" | stats count by HCS
How should I go about summing everything up and getting all percetages based on different problems?
In the course they use `top [field] limit=10` to view percentages, but in this case, that's not working.
Can someone help me out a bit?
Thanks!
↧