Joseph Plunkett

Total activity 16
Last activity January 29, 2021 16:11
Member since February 04, 2020 22:40

Following 0 users
Followed by 0 users
Votes 1
Subscriptions 5

Activity overview

Latest activity by Joseph Plunkett

Joseph Plunkett commented, January 29, 2021 16:11
Shanmukhanand Naikwade | _sourceCategory=<srcCat> | count dst_ip, dst_port| now() as _messagetime| transactionize dst_ip (merge dst_ip takeFirst, dst_port join with ", ") | fields - _messagetime ...
- View comment
- Joseph Plunkett
- January 29, 2021 16:11
- 0 votes
Joseph Plunkett commented, January 29, 2021 16:02
Shanmukhanand Naikwade Ahh yeah I see what you're saying. You need to do a count before the transactionize to dedup the ports. It is possible I do have this working, it just isn't clean.
- View comment
- Joseph Plunkett
- January 29, 2021 16:02
- 0 votes
Joseph Plunkett commented, January 29, 2021 15:49
Shanmukhanand Naikwade Yes, in order to remove duplicates you can do a couple things. First, you can 'count' the ports before the transactionize OR you can use the 'takeFirst' param in the transact...
- View comment
- Joseph Plunkett
- January 29, 2021 15:49
- 0 votes
Joseph Plunkett commented, April 14, 2020 13:11
I got this figured out and I'll post the answer here in case it helps someone else. _sourceCategory=<YourSrcCategoryHere>| count dst_ip, dst_port // this dedupes the values| now() as _messageti...
- View comment
- Joseph Plunkett
- April 14, 2020 13:11
- 1 vote
Joseph Plunkett created a post, April 09, 2020 20:11
Merge Multiple Values into a Single Field
1. Community
2. Using Sumo Logic
Hello, I am looking for a way to merge several values into one field (or cell) in order to reduce the clutter in a table view. For example, when parsing my Firewall logs I want to be able to pa...
- Joseph Plunkett
- April 09, 2020 20:11
- 2 followers
- 8 comments
- 0 votes
Joseph Plunkett commented, February 23, 2020 16:10
Are your logs always in this format? If so it would probably be better to use the 'parse anchor' method.
- View comment
- Joseph Plunkett
- February 23, 2020 16:10
- 0 votes
Joseph Plunkett created a post, February 14, 2020 19:30
Field Extraction Rule Only Works if Receipt Time Checked
1. Community
2. Using Sumo Logic
Hello, I have created a FER for my proxy but for some reason it is not working right. If I click the "Use Receipt Time" checkbox then I can see all my fields from the rule. If I do not click ...
- Joseph Plunkett
- February 14, 2020 19:30
- 1 follower
- 0 comments
- 0 votes
Joseph Plunkett commented, February 14, 2020 19:26
Hey Ryan, Sorry for the late response, I never got notified that you responded to the thread. I ended up figuring it out doing what you did, but thanks for the help!
- View comment
- Joseph Plunkett
- February 14, 2020 19:26
- 0 votes
Joseph Plunkett commented, February 05, 2020 13:45
| where (hour > 18 or hour < 6) :)
- View comment
- Joseph Plunkett
- February 05, 2020 13:45
- 0 votes
Joseph Plunkett created a post, February 04, 2020 22:40
Urlencode for special characters
1. Community
2. Using Sumo Logic
Hello, I am trying to use the urlencode() + concat() functions to create a linked search. The link will display in a dashboard and open the search in a new window. For the most part I have this wo...
- Joseph Plunkett
- February 04, 2020 22:40
- Edited
- 2 followers
- 2 comments
- 0 votes