Logger Dashboard | tstats count where index=* by index, _time span=4h prestats=t | timechart span=4h count by index -7d@h now 1 ellipsisNone 0 visible visible visible none linear none linear none 0 inherit column 50 10 area gaps none 0.01 stacked shiny none 0 0 ellipsisMiddle standard right 2 progressbar 0 1 medium index=suricata | stats values(src_ip) count by alert.signature, alert.signature_id -24h@h now 1 20nonenonefalseprogressbarfalsefalsetrue index=zeek | stats count by _time, tag::eventtype | timechart span=1h count by tag::eventtype -24h@h now column stacked none | tstats count where index=wineventlog by host, _time span=1h prestats=t | timechart span=1h count by host -24h@h now line none progressbar | tstats count where index=osquery by host, _time span=1h prestats=t | timechart span=1h count by host -24h@h now line none progressbar index=powershell | table _time, host, _raw, sourcetype -24h@h now 1none | rest splunk_server=local /services/licenser/pools | rename title AS Pool | search [rest splunk_server=local /services/licenser/groups | search is_active=1 | eval stack_id=stack_ids | fields stack_id] | eval quota=if(isnull(effective_quota),quota,effective_quota) | eval "Used"=round(used_bytes/1024/1024/1024, 3) | eval "Quota"=round(quota/1024/1024/1024, 3) | fields Pool "Used" "Quota" 1 ellipsisNone 0 visible visible visible none linear none linear none 0 inherit bar 50 10 area gaps none 0.01 default shiny none 0 0 ellipsisMiddle standard right 2 0 1 medium