Don Gothing
- Total activity 12
- Last activity
- Member since
- Following 0 users
- Followed by 0 users
- Votes 1
- Subscriptions 4
Comments
Recent activity by Don Gothing Sort by recent activity-
Hi Kota, Here's an article about this exact kind of application. This is the query that should separate out the ip addresses and enable mapping once you enter your search criteria. | parse regex "(...
-
It sounds like the health events beta would be helpful for your use case. You can always see health status of collectors on the Collection page by going to Manage Data > Collection. A quick wa...
-
Hey Nicholas, We don't seem to have a good way to dynamically assign the value of one pair to be the key of another. Will cs1 and cs2 be have the same labels in all of the logs or do they change?
-
if the fields are currently fixed you could statically assign them. eg: if cs1label='foo' cs1='bar' cs2Label='baz' cs2='spam' then | keyvalue auto keys "cs1", "cs2" as foo, baz You could put if sta...
-
For regular searches and dashboards the best practice is to add a field extraction rule to parse the fields on ingest rather than in the query to keep the query running quickly. Here's a link to th...
-
Hi Daniel, To parse reasonCode and AttributeAgentID I would use these statements: | parse "\'ReasonCode\' \'*\'" as reasonCode| parse "AttributeAgentID \'*\'" as agentID Then show only reasonCode...
-
Hi, Are you trying to get a list of all categories grouped by collector? I tried this to get the collector and sourceCategory: * | count by _sourceCategory, _collector | fields -_count