Hi,
I have a chart that works, but mgmt wants the host values to map to something more meaningful. Is there a way to do this?
My search is this:
index=coreops sourcetype=snmpinfo source="/usr/local/nsmutils/varlog/splunk_cgk_sessions.log" | head 9 | chart sum(CONNECTIONS) as CONNECTIONS by HOST | eval H=HOST | eval HOST="" | xyseries HOST H CONNECTIONS