
# Saved report: counts Critical/Major alarms per Alarm_Title from idx_tic_spectrum
# for three fixed windows (columns Fevrier, Mars, Avril), restricted to devices whose
# Owner in spectrum_devices_dynamic.csv is "CEIP Cyber", "CEIP Reseau" or
# "CEIP Telephonie", then sorts by the Mars column and appends a "Total" row.
[Alarmes Fevrier Mars Avril]
action.email.useNSSubject = 1
# NOTE(review): the webhook allow list is switched off for this search. No webhook
# action is enabled in this stanza, but if one is added later its destination URL
# would not be checked against the allow list. Confirm this is intended.
action.webhook.enable_allowlist = 0
alert.track = 0
# Dispatch window in epoch seconds. Every base search below carries its own
# earliest=/latest=, and the Fevrier subsearch starts at 1706742000, which is before
# dispatch.earliest_time. The inline modifiers presumably take precedence, so this
# window does not describe the data actually read. Verify on the target version.
dispatch.earliest_time = 1709247600
dispatch.latest_time = 1714514400
# Runs with the permissions of the dispatching user, so the counts depend on that
# user's access to idx_tic_spectrum and to the lookup file.
dispatchAs = user
display.general.timeRangePicker.show = 0
display.general.type = statistics
display.page.search.mode = verbose
display.page.search.tab = statistics
display.visualizations.charting.chart.stackMode = stacked
display.visualizations.custom.type = flow_map_viz.flow_map_viz
display.visualizations.show = 0
request.ui_dispatch_app = CEIP-RESEAU
request.ui_dispatch_view = search
# Search layout: three copies of the same pipeline, one per window.
#   main search : 1709247600 -> 1711922400, counted as Mars
#   1st append  : 1711922400 -> 1714514400, counted as Avril
#   2nd append  : 1706742000 -> 1709247600, counted as Fevrier
# The epoch bounds are hard-coded, so the report does not roll forward with the calendar.
# Each copy groups events with "transaction id" before filtering on Severity, so the
# filter applies to whole transactions rather than to raw events.
# NOTE(review): maxopentxn=10000000 with keepevicted/keeporphans can be memory-heavy
# on a large index.
# NOTE(review): the Avril and Fevrier pipelines run as append subsearches. If a
# subsearch is cut short by the subsearch limits in limits.conf, its column would be
# under-counted. Check the job inspector for truncation messages before relying on
# the numbers.
# Owner scoping relies entirely on spectrum_devices_dynamic.csv (IP matched against
# Network_Address). A device missing from the lookup, or listed with a different
# Owner, drops out of all three columns, so write access to that lookup controls what
# this report shows.
search = index="idx_tic_spectrum" earliest=1709247600 latest=1711922400\
| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 \
| search Severity="Critical" OR Severity="Major"\
| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\
| search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie"\
| stats count as Mars by Alarm_Title\
| append [ search index="idx_tic_spectrum" earliest=1711922400 latest=1714514400\
| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 \
| search Severity="Critical" OR Severity="Major"\
| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\
| search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie"\
| stats count as Avril by Alarm_Title]\
| append [ search index="idx_tic_spectrum" earliest=1706742000 latest=1709247600\
| transaction id keepevicted=true keeporphans=true maxopentxn=10000000 \
| search Severity="Critical" OR Severity="Major"\
| lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner\
| search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie"\
| stats count as Fevrier by Alarm_Title]\
| stats sum(Fevrier) as Fevrier, sum(Mars) as Mars, sum(Avril) as Avril by Alarm_Title\
| sort -Mars\
| addcoltotals label="Total" labelfield=Alarm_Title Fevrier Mars Avril