Hi all,
I need help adjusting the code below to get the expected value.
index=nw_syslog "DDOS_PROTOCOL_VIOLATION_SET" AND ( "*USDAL*" OR "*USEMC*" OR "*NLACO*" OR "*SGPNH*" OR "*USHCO*" OR "*INMCO*" OR "*CACCO*" OR "*CATRC*" OR "*GBLHD*") ARP
| stats latest(_time) as Time_CST count by hostname
| sort - Time_CST
| fieldformat Time_CST=strftime(Time_CST,"%x %X")
Current output:
hostname              Time_CST           count
USEMCPOD07-DCNPS3003  02/28/20 06:41:37  3
USEMCPOD07-DCNPS3001  02/28/20 06:41:36  3
USEMCPOD07-DCNPS3002  02/28/20 06:41:36  3
USEMCPOD07-DCNPS3004  02/28/20 06:41:36  2
Expected output (minus the seconds):
hostname              Time_CST        count
USEMCPOD07-DCNPS3003  02/28/20 06:41  3
USEMCPOD07-DCNPS3001  02/28/20 06:41  3
USEMCPOD07-DCNPS3002  02/28/20 06:41  3
USEMCPOD07-DCNPS3004  02/28/20 06:41  2