This is my first time posting to the community. I hope this answer is not listed somewhere else; if it is, I have been unable to find it.
I create my own dashboards for everything and I am more or less trying to tackle my first data correlation attempt but so far have come up short.
The dashboard I have created uses dynamically generated filters. The field I am focused on at the moment is very simple; it's "host" and it looks like this:
(Filter1)
$time_span$ index=$nexus_app_dc$ nexus_syslog_level=$nexus_loglevel$ $keyword$ | chart count by host
(THIS WORKS)
What I want to do is use the results of this chart to run another search against other data. I will provide an example.
Let's say the chart comes back with the following:
"10.0.0.1"
"10.0.0.2"
"10.0.0.3"
I only want my next search to contain hosts that are in that list. Here is what I have so far:
$time_span$ index=dcxx_acs Address=$nexus_app_host$ | top limit=50 _time, User, Address, CmdSet | fields - count - percent
I guess in my mind I see it something like the following if I were to write it out manually:
$time_span$ index=dcxx_acs Address=10.0.0.1 OR Address=10.0.0.2 OR Address=10.0.0.3 | top limit=50 _time, User, Address, CmdSet | fields - count - percent
I hope at least some of this makes sense to some of you guys. Any assistance is appreciated.
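One way to express the hand-written OR list above in SPL, as an added example that is not part of the original post: a subsearch returns the hosts from the first search, renamed to Address, and Splunk expands the result into the Address=... OR Address=... filter for the outer search. It assumes the host values in the Nexus index are the same strings as Address in dcxx_acs; the index names and dashboard tokens are the ones from the post.

```spl
$time_span$ index=dcxx_acs
    [ search $time_span$ index=$nexus_app_dc$ nexus_syslog_level=$nexus_loglevel$ $keyword$
      | stats count by host
      | rename host AS Address
      | fields Address ]
| top limit=50 _time, User, Address, CmdSet
| fields - count percent
```

Subsearches are subject to the result-count and runtime limits set in limits.conf, so a very large host list can be truncated before it reaches the outer search.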