We have the following sourcetypes in index=forescout.
fs_av_compliance
fs_DLP_compliance
fs_fw_compliance
fs_encryption_compliance
They each have the field "description". How do I list each of the descriptions by host? I understand there may be multiple descriptions for any of the sourcetypes, but we can always dedup them....
Here's where I got stuck:
index=forescout (sourcetype=fs_av_compliance) OR (sourcetype=fs_DLP_compliance) OR (sourcetype=fs_fw_compliance) OR (sourcetype=fs_encryption_compliance) | fields src_nt_host description | chart values(description) over src_nt_host by sourcetype | table src_nt_host fs_av_compliance fs_DLP_compliance fs_fw_compliance fs_encryption_compliance
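One way to build this table, as an added example that is not part of the original post: `fields` keeps only the fields it is given (plus internal `_*` fields), so `sourcetype` has to be listed or the later `by sourcetype` split has nothing to work with. The `IN` operator and the `(no events)` filler string are choices made for this example; the index, sourcetype and field names are the ones from the question.

```spl
index=forescout sourcetype IN (fs_av_compliance, fs_DLP_compliance, fs_fw_compliance, fs_encryption_compliance)
| fields src_nt_host sourcetype description
| chart values(description) over src_nt_host by sourcetype
| fillnull value="(no events)" fs_av_compliance fs_DLP_compliance fs_fw_compliance fs_encryption_compliance
| table src_nt_host fs_av_compliance fs_DLP_compliance fs_fw_compliance fs_encryption_compliance
```

`values()` already returns each distinct description once per host and sourcetype, so no separate `dedup` is needed; the `fillnull` step makes hosts that reported nothing for a given check stand out in the table.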