I have a report that lists malware received by email that is part of a dashboard. Some months the list for each person can have dozens of events listed. Management would like to only show the l...
I have an event field that is a list of "permissions", and I want to perform a lookup for each permission in the list. E.g.
Events
name
permissions
app1
s...
I have a lookup of all active credentials from tenable called tio_credentials.csv. I have a search that lists unique credentials used, like so: `tenable` `io` earliest=-15d pluginID=19506 | rex f...
...ortal sourcetype=app:*** source='log' cls='c.b.m.s.SoapClient Webservicecall*' ses=$Session$ | stats first"
So the first search lists all the session IDs for which a certain error occurs. I...
...rue | rename Column_1 as queues | stats list(queues) by instance
It splits the events into single lines and then I use stats to group them by instance
I have the following search that does the s...
Using timechart, I have a table with a list of dates and a value. However, the dates are non-consecutive (although ordered). I want to add in the missing dates in between the current values and b...
...reated as part of an earlier base search and then find all events with that build number.
I get the following "Error in 'where' command: Typechecking failed. The '==' operator received different types....
Hello Community, I stumbled across a scenario where I have events present in the JSON format as follows
Event 1: {
"severity": "INFO",
"message": "msg",
"d...
Hi there,
I'm a noob. I'm looking to generate a report containing a list of events per host for a specific timeframe (e.g. 5 mins), grouped by host, and with a heading per host, like t...