index=nessus severity!=informational severity!=low severity!=medium earliest=-1mon@mon latest=-0mon@mon | top 0 signature | fields - count,percent | rename signature as sign1 | appendcols [search index=nessus severity!=informational severity!=low severity!=medium earliest=-2mon@mon latest=-1mon@mon | top 0 signature | fields - count,percent | rename signature as sign2 ] | where sign1 = sign2
using above search to count the same signature triggered for two different months. i need to compare all values of field sign1 with all values of field sign2. but sign1=sign2 is comparing only the values in same row not the full column.
... View more