Nicholas Sandmann

  • Total activity 13
  • Following 0 users
  • Followed by 0 users
  • Votes 2
  • Subscriptions 4

Activity overview

Latest activity by Nicholas Sandmann
  • Nicholas Sandmann commented,

    Also, just realized you were asking if the fields are likely to change. The answer being that they appear to be fixed (e.g., cs2 always = foo and cs1 always = bar), but the way they went about assign...

  • Nicholas Sandmann commented,

    There appear to be only 2 variations in the log cn and cs, all are tied together with the same numeric value. So 2 variations assuming the software vendor doesn't add any new ones in a future rele...

  • Nicholas Sandmann created a post,

    Dynamic Field names?

    I have a log that looks like this: cs1Label="Field Name" cs1="some value" cs2Label="Another Field" cs2="another value" Is there a way to dynamically parse out the cs# values and give them a f...

  • Nicholas Sandmann created a post,

    Rolling timeslices?

    I have an application that logs compliance status for various application resources as compliant or non-compliant every time an evaluation rule runs, and I'd like to chart the compliance trends ...

  • Nicholas Sandmann commented,

    Thank you! Actually the 1st one works fine for my needs. Relying on Sumo's charting functionality to provide the percentages is fine for my needs since this is just needed for a dashboard. Actu...

  • Nicholas Sandmann created a post,

    Charting top 5 events as a percentage of all events

    I need to add a pie chart to a dashboard that shows the top 5 event IDs from my Windows servers as a percentage of all the events (I don't want every event ID in the chart). Pulling the top 5 even...

  • Nicholas Sandmann created a post,

    find events NOT in the lookup list?

    I can use the lookup command to find all events where an event contains a value that is in my saved list, like this: (_sourceCategory=mycategory) | parse regex "^<\d+>\d+\s+\d{4}-\d{2}-\d{2}[T|t]\...