i want to verify if there is a difference in 2 counts made that relate to diferent timelines.
This is what i've came up with
index="tenablesc" sourcetype="tenable:sc:assets"
| dedup ip
| stats count(ip) as "Number of machines Detected(All time)"
| append
[ search index="teenablesc" sourcetype="tenable:sc:assets" earliest=-14d
| dedup ip
| stats count(ip) as "Number of machines Detected(Past 14 days)" ]
and the output is the following:![alt text][1]
I would like to put both on the same line, or even if possible just have one field that is the difference between both values
Thank you for any help you can provide
[1]: /storage/temp/277678-2019-11-29-12-51-16-settings.png
↧