Azriel Nguyen
- Total activity 20
- Last activity
- Member since
- Following 0 users
- Followed by 0 users
- Votes 3
- Subscriptions 6
Activity overview
Latest activity by Azriel Nguyen-
Azriel Nguyen commented,
You can drill down into the message > Surrounding Messages > +/- 5 Minutes
-
Azriel Nguyen commented,
Try this Sachin, | toMillis(parseDate(enter_time, "HH:mm:ss.SSS")) as enterMillis| toMillis(parseDate(exit_time, "HH:mm:ss.SSS")) as exitMillis| exitMillis - enterMillis as diffMillis | diffMillis ...
-
Azriel Nguyen commented,
you can try adding before query: | formatDate(_messageTime, "MM/dd/yyyy HH:mm:ss:SSS") as loginDate after query:| sort by loginDate desc just make sure to add loginDate to your count hope this helps
-
Azriel Nguyen commented,
no problem, happy Sumo'ing
-
Azriel Nguyen commented,
can use regex, try this: | replace(_sourcename,/.*{task-definition}.*/,"{task-definition}") as _sourcename
-
Azriel Nguyen commented,
Try this Eren, | replace(_sourcename,"{cluser}-{task-definition}-{revision}-{containername}-{id}","{task-definition}") as _sourcename Unfortunately, it doesn't appear that wildcard works for thi...
-
Azriel Nguyen commented,
sweet! happy to help :)
-
Azriel Nguyen commented,
hey Austin, hopefully this will work for you: (?=$) Sorry I was in meeting
-
Azriel Nguyen commented,
change "\n" to "\s" if followed by space. good luck
-
Azriel Nguyen commented,
hey Austin, try this: | parse regex field=domain_lookup"(?<tld1>[^\.]*)(?=\n)" assuming that a newline is following the tld1