Kevin Keech

Total activity 271
Last activity November 20, 2019 23:03
Member since December 13, 2012 03:37

Following 0 users
Followed by 0 users
Votes 0
Subscriptions 75

Activity overview

Latest activity by Kevin Keech

Kevin Keech commented, November 20, 2019 23:03
Hi Patrick. If you want to do a 1 time upload I'd suggest posting your file to an HTTP Source. You can use a Curl command to upload your file to the HTTP Source endpoint provided after creating you...
- View comment
- Kevin Keech
- November 20, 2019 23:03
- 0 votes
Kevin Keech commented, November 19, 2019 20:57
Hi Iain, It looks like your getting the default color, possibly due to the value not meeting one of the thresholds. In the "To" value for the Green value can you try changing this to 100.0001 and s...
- View comment
- Kevin Keech
- November 19, 2019 20:58
- Edited
- 0 votes
Kevin Keech commented, November 19, 2019 20:43
Will, From your screenshot it looks like your performing the outlier operation on the _timeslice field instead of the count field. Those really high numbers are actually epoch times, which is what ...
- View comment
- Kevin Keech
- November 19, 2019 20:43
- 0 votes
Kevin Keech commented, November 19, 2019 00:12
Might try something like the following. _sourceCategory = company/gsuite/drive "\"applicationName\": \"drive\"" "\"type\": \"access\"" "\"name\": \"download\""| json "id", "ipAddress", "events", "...
- View comment
- Kevin Keech
- November 19, 2019 00:12
- 1 vote
Kevin Keech commented, November 18, 2019 23:09
Hi Will, Could you provide the query you are currently trying to use, the one that presents the error? It sounds like you have not referenced the timeslice in your aggregations or the timeslice get...
- View comment
- Kevin Keech
- November 18, 2019 23:09
- 0 votes
Kevin Keech created an article, November 05, 2019 15:39
Node.js 8.x End of Life
1. Product News and Announcements
2. Announcements
On December 31, 2019 the Node community will stop support for Node.js 8.x and will provide no further bug fixes, improvements or security updates after this date. In order to ensure you continue to...
- Kevin Keech
- December 02, 2019 06:18
- Updated
- 1 follower
- 0 comments
- 0 votes
Kevin Keech commented, November 01, 2019 22:29
Possible, but will require an additional "transactionize" and "merge" operation. | parse regex ", 'item': u(?<local_intf>.*?)," multi| transactionize _raw (merge local_intf join with ", ", _raw ...
- View comment
- Kevin Keech
- November 01, 2019 22:29
- 0 votes
Kevin Keech commented, November 01, 2019 21:46
Hi Zafar, I put your test message into a test account and tried your parsing expression and this appeared to work for me. Again, note that each parsed value will be placed into a new row, under the...
- View comment
- Kevin Keech
- November 01, 2019 21:46
- 0 votes
Kevin Keech commented, November 01, 2019 20:36
You will want to look at the "multi" option of the parse regex operator. This flag will tell the parsing operation to parse each occurrence of the expression within a single message. Thes parsed va...
- View comment
- Kevin Keech
- November 01, 2019 20:36
- 0 votes
Kevin Keech commented, October 31, 2019 21:37
Hi Brian,Thanks for the example. (PS I saw your related case but going to answer here to try and help the broader audience) So this is actually going to require a slightly different set of parsing ...
- View comment
- Kevin Keech
- October 31, 2019 21:37
- 0 votes