I am working on the query that generates a table with a count of security violations. I want to filter out the users with violations greater than 10.
| rex field=_raw "(?<Message>Security\sviolation)\s\S+\s\S+\s(?<User>[A-Z0-9]+)"
| eval Time = strftime(_time, "%m-%d-%Y %H:%M:%S")
| rename JOBNAME as Jobname Time as Date
| eval Workload = substr(Jobname,1,3)
| stats count(Message) as "Security Violations" by Jobname User