It appears that using now() inside of the map command will always return the time that the map was started rather than the time for each loop. The below SPL shows an example of this. Does anyone h...
Hi All... For those who already know some SQL, the join commands are pretty easy. Some of my teammates who are non-SQL members were not aware of join, and when they try to read docs, they c...
TL;DR - Is there a way (without custom scripts or commands) to run a command from a string in the format of a union that contains a dynamic number of subsearches?
I have quite a few heavy d...
...ble to use some of these functions/commands. I tried to Google to find simpler examples but did not come up with anything. Can someone please provide the most simple example possible of using the c...
Hi,
For debugging I want to run my custom search commands from the command line.
The generatehello.py sdk example command runs fine from the command line and produces the results it s...
...vents from about 8 or 9 hosts. When I run the above search, I get 1 event back. I would expect 1 event from each host, per my understanding of the Map command.
Is there something here I am d...
Hello everyone,
The time modifiers don't seem to work for this search, am I doing something wrong?
|union
[search query.. earliest=-15m@m latest=now
|join type=inner x[query.....