Hi Team, I have created one query to showcase the count with date. My query is below: index="abc*" sourcetype=600000304_gg_abs_ipc2 source!="/var/log/messages" "Total msg processed for trim reage f...
I have a situation where I'm using case to compare 2 fields to identify a fuzzy match, but in field 1 I may have "boa.com" and in field 2 I have "Bank Of America". What I want to do is to take t...
I'm trying to replicate other threads that show how to replace line breaks with delimiters. This search is not working.
| ldapsearch domain=ED search="(&(objectClass=eduPerson)(weillCornellE...
I've been trying to solve this every which way and another and I always come up just short of the target. When searching the Linux audit log, the type=EXECVE has the most detailed information regarding ...
Hello,
I would like all the values from my query to be selected by default in my multiselect button.
As the result of my query is not static I can't use <default>.
Any help is greatly app...
I have an index with multiple fields that I have created using "Extract new fields". The following is what my current table looks like. I want to merge hostname and version field into one row if ...
Hi,
Hypothetically speaking, if I have the following event:
q[pworei[qpweori[pqwoeirp[qowier[powierw"NAME":"BOB";POQIWERUPQOWIEUPROIQWEURPOWIERPOWQIUR"NAME":"SAM";qpweoirpwoierupwoiproiq...
Hi,
I want to concatenate results from same field into string. How can I do that?
e.g.
|inputlookup user.csv| table User
User
------------
User 1
User 2
User 3
Users = User 1+User2+User3