I have values for a field named action, block, passed, and alerted. How would I go about creating a search to look for the percentage of blocked to passed/alerted events?
I have the basic search of
index=foo
| stats count by src, action
| stats list(action) as Action, list(count) as count, sum(count) as Total by src
and was thinking eval could be used in some way
Thx