Azriel Nguyen
- Total activity 24
- Last activity
- Member since
- Following 0 users
- Followed by 0 users
- Votes 3
- Subscriptions 7
Activity overview
Latest activity by Azriel Nguyen-
Azriel Nguyen commented,
when I do the wildcard search other hosts with "uv" shows up, I'm thinking something is probably wrong with the uv1s8222 server. Thanks for your help Rick. Our guy have been doing some restores o...
-
Azriel Nguyen commented,
the host field is in a field extraction rule. I've tested and verified that the host is not including trailing spaces. It is strange that when I do a query for uv1s822: The display field on left...
-
Azriel Nguyen created a post,
Field matches not working properly
I have 2 hosts that I'm interested in: "uv1s822:" and "uv2s822:" this filter should and used to work: | where host matches "*s822:" but now it only shows the latter. The former does show up when ...
-
Azriel Nguyen commented,
You can drill down into the message > Surrounding Messages > +/- 5 Minutes
-
Azriel Nguyen commented,
Try this Sachin, | toMillis(parseDate(enter_time, "HH:mm:ss.SSS")) as enterMillis| toMillis(parseDate(exit_time, "HH:mm:ss.SSS")) as exitMillis| exitMillis - enterMillis as diffMillis | diffMillis ...
-
Azriel Nguyen commented,
you can try adding before query: | formatDate(_messageTime, "MM/dd/yyyy HH:mm:ss:SSS") as loginDate after query:| sort by loginDate desc just make sure to add loginDate to your count hope this helps
-
Azriel Nguyen commented,
no problem, happy Sumo'ing
-
Azriel Nguyen commented,
can use regex, try this: | replace(_sourcename,/.*{task-definition}.*/,"{task-definition}") as _sourcename
-
Azriel Nguyen commented,
Try this Eren, | replace(_sourcename,"{cluser}-{task-definition}-{revision}-{containername}-{id}","{task-definition}") as _sourcename Unfortunately, it doesn't appear that wildcard works for thi...
-
Azriel Nguyen commented,
sweet! happy to help :)