Kevin

Total activity 271
Last activity January 08, 2020 03:39
Member since December 13, 2012 03:37

Following 0 users
Followed by 0 users
Votes 0
Subscriptions 75

Activity overview

Latest activity by Kevin

Kevin commented, January 08, 2020 03:39
The following should name the field. Let me know if you already tried this. (_sourceCategory="my/thing")| timeslice 1d| count as newname by _timeslice
- View comment
- Kevin
- January 08, 2020 03:39
- 0 votes
Kevin commented, November 20, 2019 23:03
Hi Patrick. If you want to do a 1 time upload I'd suggest posting your file to an HTTP Source. You can use a Curl command to upload your file to the HTTP Source endpoint provided after creating you...
- View comment
- Kevin
- November 20, 2019 23:03
- 0 votes
Kevin commented, November 19, 2019 20:57
Hi Iain, It looks like your getting the default color, possibly due to the value not meeting one of the thresholds. In the "To" value for the Green value can you try changing this to 100.0001 and s...
- View comment
- Kevin
- November 19, 2019 20:58
- Edited
- 0 votes
Kevin commented, November 19, 2019 20:43
Will, From your screenshot it looks like your performing the outlier operation on the _timeslice field instead of the count field. Those really high numbers are actually epoch times, which is what ...
- View comment
- Kevin
- November 19, 2019 20:43
- 0 votes
Kevin commented, November 19, 2019 00:12
Might try something like the following. _sourceCategory = company/gsuite/drive "\"applicationName\": \"drive\"" "\"type\": \"access\"" "\"name\": \"download\""| json "id", "ipAddress", "events", "...
- View comment
- Kevin
- November 19, 2019 00:12
- 1 vote
Kevin commented, November 18, 2019 23:09
Hi Will, Could you provide the query you are currently trying to use, the one that presents the error? It sounds like you have not referenced the timeslice in your aggregations or the timeslice get...
- View comment
- Kevin
- November 18, 2019 23:09
- 0 votes
Kevin created an article, November 05, 2019 15:39
Node.js 8.x End of Life
1. Product News and Announcements
2. Announcements
On December 31, 2019 the Node community will stop support for Node.js 8.x and will provide no further bug fixes, improvements or security updates after this date. In order to ensure you continue to...
- Kevin
- December 17, 2019 17:50
- Updated
- 2 followers
- 0 comments
- 1 vote
Kevin commented, November 01, 2019 22:29
Possible, but will require an additional "transactionize" and "merge" operation. | parse regex ", 'item': u(?<local_intf>.*?)," multi| transactionize _raw (merge local_intf join with ", ", _raw ...
- View comment
- Kevin
- November 01, 2019 22:29
- 0 votes
Kevin commented, November 01, 2019 21:46
Hi Zafar, I put your test message into a test account and tried your parsing expression and this appeared to work for me. Again, note that each parsed value will be placed into a new row, under the...
- View comment
- Kevin
- November 01, 2019 21:46
- 0 votes
Kevin commented, November 01, 2019 20:36
You will want to look at the "multi" option of the parse regex operator. This flag will tell the parsing operation to parse each occurrence of the expression within a single message. Thes parsed va...
- View comment
- Kevin
- November 01, 2019 20:36
- 0 votes