Don Gothing
- Total activity 12
- Last activity
- Member since
- Following 0 users
- Followed by 0 users
- Votes 1
- Subscriptions 4
Activity overview
Latest activity by Don Gothing-
Don Gothing commented,
Hi Kota, Here's an article about this exact kind of application. This is the query that should separate out the ip addresses and enable mapping once you enter your search criteria. | parse regex "(...
-
Don Gothing commented,
It sounds like the health events beta would be helpful for your use case. You can always see health status of collectors on the Collection page by going to Manage Data > Collection. A quick wa...
-
Don Gothing commented,
if the fields are currently fixed you could statically assign them. eg: if cs1label='foo' cs1='bar' cs2Label='baz' cs2='spam' then | keyvalue auto keys "cs1", "cs2" as foo, baz You could put if sta...
-
Don Gothing commented,
For regular searches and dashboards the best practice is to add a field extraction rule to parse the fields on ingest rather than in the query to keep the query running quickly. Here's a link to th...
-
Don Gothing commented,
Hi Daniel, To parse reasonCode and AttributeAgentID I would use these statements: | parse "\'ReasonCode\' \'*\'" as reasonCode| parse "AttributeAgentID \'*\'" as agentID Then show only reasonCode...
-
Don Gothing commented,
Hi, Are you trying to get a list of all categories grouped by collector? I tried this to get the collector and sourceCategory: * | count by _sourceCategory, _collector | fields -_count
-
Don Gothing commented,
Hey Nicholas, We don't seem to have a good way to dynamically assign the value of one pair to be the key of another. Will cs1 and cs2 be have the same labels in all of the logs or do they change?