Search

Janani_Krish · ‎09-17-2020

Hi, I tried the below query to fit my model, sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d|stats count values(file_path) values(user_name) values(action) by device_name,command...

Subrahmanyab · ‎09-22-2017

...on' understand why my case statement default to putting every event in the other category. I have tried multiple commands, shown below, but they all end with the same results where every event is placed i...

ebs · ‎05-31-2021

Hi, I want my data presented in a very specific way, which means I can't go the typical route of just adding the field I want presented after the by in my stats command as I'm using t...

jip31 · ‎12-22-2020

...ookup host_allIND.csv HOSTNAME as host output SITE DEPARTMENT CATEGORY | stats max(BootTime) as "Boot time" last(SITE) as SITE last(CATEGORY) as CATEGORY last(DEPARTMENT) as DEPARTMENT by host &n...

dbcase · ‎12-01-2017

Hi, I have this data Properties: { [-] analyticsConfigs: { [+] } appVersion: 9.0.0 buildTarget: blah category: E...

nishad_tupe · ‎01-30-2020

...he impact. So I wanted to use a custom generating command that gives me flexibility to generate the SeviceNow incident with additional fields as parameters. Here is my search (My alert condition i...

ebs · ‎05-26-2021

...he averages by category together in a stats table, is there an easy way to do this?

markerton · ‎09-13-2018

...ount by category | sort -count I've tried searching around and trying a few other commands (like useother but can't seem to get it to work out how I want it. Thanks in advance for any help.

jonfrancais · ‎08-13-2016

...ourcetype' with the following configuration: [mySourceType] DATETIME_CONFIG = CURRENT KV_MODE = json AUTO_KV_JSON = true category = Custom pulldown_type = 1 The custom command builds a record with the J...

mrjester · ‎06-21-2012

...ebAsset EventCode=10001 EventType=4 Type=Information ComputerName=dev-web Category=0 CategoryString=none RecordNumber=90606 Message=Message=Save @objId=641 @user=Admin1 @rqstrName=James Doe @alt1RqstrName=J...

Search

Search the Community

fit command in MLTK detecting categorial outliers

My case statement is putting events in the "other"...

Add field post stats and transpose commands

Help on basic question concerning lookup command

String concatentation (strcat command) is duplicat...

snowincident command not working, its not getting ...

Using a stats avg function after an eval case comm...

How do you show only specific categories in return...

Generating custom command with complete JSON field...

Transaction command causing zero results