Hello,
Newbie here, I am trying to get the following on one dashboard panel.
Average number of events per day over the last 60 days.
Average number of events per day over the last 7 days.
Total number of events over the last 24 hours.
This is the search I've got so far...
host="192.168.1.1" earliest=-60d Action=block | stats count as N | fieldformat N=N/60 | appendcols [search Action=block earliest=-7d | stats count as M] | fieldformat M=M/7 | appendcols [search Action=block earliest=-1d | stats count as O] | rename N as "Last 60 Days", M as "Last 7 Days", O as "Last 24 Hours"
So the numbers are way out. I think it has something to do with the extra searches and appendcols. This is probably obvious to most, but I am just starting out 🙂
Thanks.
... View more