Hi all,
I had some trouble with a search but got it to work. But the search itself isn't that "clean" I suppose.
Someone mentioned `Timechart` but I couldn't get it to work.
This is the search:
```
index=linux host="i*soe*" earliest=-1d@d latest=@d "healthcheck: System not healthy"
| dedup host | stats count by host
| stats count as TotalA
| appendcols
    [search index=linux host="i*soe*" earliest=@d latest=now "healthcheck: System not healthy"
    | dedup host | stats count by host
    | stats count as TotalB]
| appendcols
    [search index=linux earliest=-2d@d host="i*soe*" latest=-1d@d "healthcheck: System not healthy"
    | dedup host | stats count by host
    | stats count as TotalC]
| eval Gister=TotalA
| eval Vandaag=TotalB
| eval Eergisteren=TotalC
| fields HealthchecksError, Eergisteren, Gister, Vandaag
```
Would there be a way to improve the search syntax-wise?
Thanks!