Hello, can you help me create a dashboard that contains the following charts/data:
Bookmarked content
I mean the content I have mapped in my MITRE ATT&CK in the last 7 days.
What is bookmarked data? Please share some anonymised, representative sample events showing the event data you are working with, and a representation of your expected results.
Build a search query that captures the desired data. Assuming that the bookmarked content is logged with an event type or field that specifies when content is bookmarked (e.g., action = "bookmark"),
here's a query you could use:
| tstats count where index="your_index" sourcetype="your_sourcetype" action="bookmark" earliest=-7d@d latest=now by content
| rename content as "Content", count as "Bookmark Count"
But I am having a problem finding the exact field name.