Could someone please show the difference between nomv and mvcombine with some examples? What I have seen is that both work exactly the same way and delim parameter in mvcombine doesn't work as e...
Is it possible to use the commands like makemv or nomv in data models? I am using regular expressions while building the datamodel for extracting some of the fields. One of the fields is a comma s...
I have a field called environment which has values like dev,prod,uat,sit. Now I want to create a new_field which has all the field values of environment field. Example: (4 field values) environ...
I am trying to generate one event from a list of similar events. I want to remove the _check and add these to one field separated by commas. I am generating a critical event that lists all the h...
...otential policy with any ports enabled. Second, find out which of these policies were allowing or teardowning request coming from public IP addresses. For this I came up with this query which does t...
I'm trying to add the hostnames that result from a search to the email subject of an alert but currently I'm only able to have 1 hostname in the subject when I use $result.host$. For example if the s...
Is it possible to combine multiple rows into one row?
COLUMN
frow1
frow2
frow3
to something like
COLUMN
frow1,frow2,frow3
Mvcombine combined all the rows to one row but they are ...
Hi, I have a query like below which would return a list of host names. index=osmetrics flock=xxx source=ps PID=1 | lookup xxx.csv host | stats latest(ELAPSED) as last_reboot by host | eval...