sourcetype=mysourcetype AND searchstuffforerrors | stats count by host
| eval redCount = if(count>20,count,0)
| eval yellowCount = if(count<=20 AND count>15,count,0)
| eval greenCount = if(count<=15, count, 0)
| fields - count
How to make it to count only top 10 values?
... View more
If this has been resolved, can you let me know the configuration changes which need to be done to get all the service now data in splunk.
... View more