New to Splunk and trying to learn it: sorry for the dumb question.
So I am trying to filter out a list of POS devices that have not passed any traffic in the past 7 days so I can build reports for techs to replace.
**index="hgm" AND model="POS" AND ERROR="Failed" AND Client_Sessions =0 | stats dc(MACADDRESS) by IP**
I guess I need to get a count of Unique MAC addresses for these devices so I can plot a chart AND make sure that Client_Sessions are 0 during the whole day
Any Idea how I can get that done?
↧
