Search

Janani_Krish · ‎09-17-2020

Hi, I tried the below query to fit my model, sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d|stats count values(file_path) values(user_name) values(action) by device_name,command...

Subrahmanyab · ‎09-22-2017

...on' understand why my case statement default to putting every event in the other category. I have tried multiple commands, shown below, but they all end with the same results where every event is placed i...

ebs · ‎05-31-2021

Hi, I want my data presented in a very specific way, which means I can't go the typical route of just adding the field I want presented after the by in my stats command as I'm using t...

nishad_tupe · ‎01-30-2020

...he impact. So I wanted to use a custom generating command that gives me flexibility to generate the SeviceNow incident with additional fields as parameters. Here is my search (My alert condition i...

dbcase · ‎12-01-2017

Hi, I have this data Properties: { [-] analyticsConfigs: { [+] } appVersion: 9.0.0 buildTarget: blah category: E...

jip31 · ‎12-22-2020

...ookup host_allIND.csv HOSTNAME as host output SITE DEPARTMENT CATEGORY | stats max(BootTime) as "Boot time" last(SITE) as SITE last(CATEGORY) as CATEGORY last(DEPARTMENT) as DEPARTMENT by host &n...

markerton · ‎09-13-2018

...ount by category | sort -count I've tried searching around and trying a few other commands (like useother but can't seem to get it to work out how I want it. Thanks in advance for any help.

mrjester · ‎06-21-2012

...ebAsset EventCode=10001 EventType=4 Type=Information ComputerName=dev-web Category=0 CategoryString=none RecordNumber=90606 Message=Message=Save @objId=641 @user=Admin1 @rqstrName=James Doe @alt1RqstrName=J...

jonfrancais · ‎08-13-2016

...ourcetype' with the following configuration: [mySourceType] DATETIME_CONFIG = CURRENT KV_MODE = json AUTO_KV_JSON = true category = Custom pulldown_type = 1 The custom command builds a record with the J...

ebs · ‎05-26-2021

...he averages by category together in a stats table, is there an easy way to do this?

Search

Search the Community

fit command in MLTK detecting categorial outliers

My case statement is putting events in the "other"...

Add field post stats and transpose commands

snowincident command not working, its not getting ...

String concatentation (strcat command) is duplicat...

Help on basic question concerning lookup command

How do you show only specific categories in return...

Transaction command causing zero results

Generating custom command with complete JSON field...

Using a stats avg function after an eval case comm...