Hello:
I have the following search:
index=M sourcetype="n" name="M*"
|dedup host-ip, plugin_name, plugin_family, severity, "ports{}.port", "ports{}.transport" | eval vulhost=if (severity="critical" or severity="high" or severity="medium" or severity="low",'host-ip',null())| stats dc(host-ip) as TH, dc(vulhost) as VH, first(date_month) as ETime, count(eval(severity="critical")) as VH1, count(eval(severity="high")) as VH2, count(eval(severity="medium")) as VH3, count(eval(severity="low")) as VH4, count | fillnull critical, high,medium,low,VH1,VH2,VH3,VH4
|eval RiskValueL=round((VH1+0.75*VH2+0.5*VH3+0.1*VH4)/(VH1+VH2+VH3+VH4)*(VH/TH),5)
I have to show a timechart with the RiskValue that is calculated in the search, however if I add the timechart at the end of the search, it shows nothing. How can I modify this search to be able to visualize a timechart of the RiskValue for the past 3 months for example?
... View more