Hi helpful people,
I have an interactive dashboard which can search different time scales and drilldown on users. Next, I wish to drilldown on two different locations; more specifically, two different gateways. My current search string is below:-
host=CATSG14 "Failed login" GATEWAY="*" AND "Failed login" | stats count by USER_IDv3 | sort - count | search USER_IDv3="$USER_IDv3$" GATEWAY="$GATEWAY$"
My idea is to have a dropdown box which lists the gateways and from this I can sort. The problem I'm getting at the moment is that no Statistics are being shown. Only when I delete the GATEWAY="$GATEWAY$" from the string, do stats appear. Where I am I going wrong?
Any help would be massively appreciated.
↧