...DS_SRC_SYSTEM_CODE | fillnull value=0 And the result screenshot is below. The AR1, BE1, etc. are source system codes and the numerical values for each source system in the rows are the aggregate trade c...
...esult screenshot is above. The AR1, BE1, etc. are source system codes and the numerical values for each source system in the rows are the aggregate trade counts for respective source system at the t...
I want to essentially trigger an alarm if a user changes the password of multiple distinct user accounts within a given period of time.
I was able to start with the search below, which p...
...se a charted aggregate search and anything I try ends up with a malformed eval string. This is the query I am trying to work with
index="perfdata" source="expense_transaction" LR_Run_Name=1...
Hi,
We have created the aggregation policies and configured the action rules to create a ticket.
We have a requirement to prevent the ticket getting created for a few of the hosts.
How to define t...
Hello,
I'd like a report to be sent every first Tuesday of the month at 11:00 pm. Thinking logically, I should use this cron: 0 23 1-7 * 2 . But for some reason, I receive the report every day du...
Hello,
I am running a search that returns all the failed logins across all servers that occurred in the last 15 minutes. It runs every 15 minutes and I want it to alert out if the failed logins is...
I have ES, and I love the Risk Framework for understanding holistic risk for my users and systems. And I can sort the notable events by risk, which is also really useful! But I wish that I could set ...
Hello,
Please help me with the below.
My search has to find the keyword "Service.com" and if found should search for the keyword "connection reset error" in the next few events and if found if t...
...ow, I want to trigger an email if at least one record with Error is found. I tried giving a custom search like
search STATUS=Error
search count(eval(STATUS="Error")) > 1
It didn't w...