Hi, In one of  my index data populating and all fields and showing until i uploaded one csv file to that index. After that my actual data is not populating. Can someone help us how to get original data. ... View more

Hi,I have one query that we need to submit node downtime duration report based on node monthly.Every month how much time that node down and how much time it is up.Please help me with the query.Please find the sample log(100 is up ,200 is down) 08/29/2022 10:05:00 +0000,host="0.0.1.1:NodeUp",alert_value="100"              08/29/2022 10:05:00 +0000,host="0.1.1.1:NodeUp",alert_value="100" 08/29/2022 10:00:00 +0000,host="0.0.1.1:NodeDown",alert_value="200" 08/23/2022 10:10:00 +0000,host="0.0.1.1:NodeUp",alert_value="100"  08/23/2022 09:55:00 +0000,host="0.0.1.1:NodeDown",alert_value="200" Example:If node down for 30 min overall in a month different dates.still we need to display hostname along with dowtime(i.e 30min) and remaining uptime duration in one row Note:Every 5min our Saved search will run and show this log data like above so that time stamp is will be every 5min ... View more

Hi, I have a field called "Created_date". My requirement is to get a monthly count of created and closed tickets. How do I find a created count for a particular month? index="os" sourcetype="Service" (Group="Conn" OR Group="Data") AND (Section="Local" OR Section="health") AND (Component="connectivity" OR Component="health")|dedup CaseNumber,Created_ON|eval closed=if(status="Complete",1,NULL)|stats count(Created_date) AS Created count(closed) AS Closed If i run with a 24 hours range, then it is showing the previous months. "Created_date" data aslo. I need to show 6 months data monthly, how many were created and closed on that particular month. Please help me figure out how to do this! ... View more

Hi, I need to display data person wise for 3 weeks in a bar chart. Please find the attached required dashboard image for a better understanding. My Query is: index="os" sourcetype="Service" CaseNumber=* status=* assignment=* |dedup _time,CaseNumber,assignment |streamstats current=f last(assignment) as lg, last(active) as Active by CaseNumber|lookup L1Team.csv SS as assigned_to OUTPUT TeamName| eval is_escalated= if(assignment!=lg AND assignment_group="Susta",1,NULL) |eval is_resolved=if(assignment="Susta" AND status="Complete" AND (isnull(Active) OR Active="true"),1,NULL) | stats count(is_escalated) AS "Escalated Cases" count(is_resolved) AS "Resolved Cases" by assigned_to,TeamName| fields - TeamName How do you make a dashboard in that way? ... View more