Does anyone know if there is a simple way to create a dashboard that would show the offline and stale agent counts for the day?
Hi Richard,
as an MDR customer, you have access to agent beacons in log search. Using these agent beacons you could configure a point in time snapshot of online agents.
However we define offline agents as not having beaconed in the last 10 minutes.
The tricky thing about this is, you are effectively looking for an absence of logs (agentids that have sent a beacon in the last day, but not the last ten minutes). The absence of logs is not something we can visualize, so the best you could do with the agent beacons is to show the unique number of agents beaconing over time.
If you select the agent beacons log, under the Endpoint Agent logset.
Then create a dashboard with the query calculate(unique:hostId)
David