Hello all, I am trying to blacklist this app that is generating a ton of Windows Event logs; till I find what app it is and uninstall it. This is for HP's DesktopExtension.exe. The weird thing is th...
I am pretty new to ES correlation searches and I am trying to figure out how to add additional fields to notable events to make it easier to investigate. We have this correlation search enabled "E...
My question is very simple. This returns nothing: sourcetype=my_sourcetype This returns X amount of events (same amount as index=my_index): index=my_index AND sour...
Hi! Faced with writing a query with an additional check and I can't find a way out. I will be glad if you tell me the direction or help with advice. We have the following custom logic: 1. When u...
I have this 'Email' Data Model in ES. The model is populated by macro and tags(2 eventypes populated by saved searches) (`cim_Email_indexes`) tag=IS_Email The two eventtypes have IS_Ema...
Hi, I have a vast data set with a sample as below. Need to group the data based on three columns, latest timestamp data, and get the fourth column value against the latest timestamp found for that grou...
Hello guys,
if we add a new indexer to an existing cluster of 3 indexers with RF=3 and SF=3, how will primary and replicated buckets be spread?
Will 4th indexer receive replicated buckets too?
Thank...
Is it possible to add additional authentication/authorisation methods like RADIUS?
or on Windows integrate with Active Directory
or on Unix do authentication with Kerberos and authorisation w...