...roups of events that would have pairs with the start and end of each node selection/release. In the above example I would want to retrieve 2 complete pairs: 1) The events at 14:33:23 and 14:34:1...
How do I pass an event's field value into a subsearch to retrieve another field?
At the moment, I can't use join because the records at the other sourcetype racks up to millions. Due to l...
Hello! I have multiple events that have the same field values, but are not necessarily in the same order. I want to be able to grab the earliest time for the most recent field value in consecutive o...
Hello
I use an input text token in my search like this
town=$town$
By default, town = *
The problem is that sometimes the field town doesn't exist in my events
When I chose * I would be a...
Dear all, I'm trying to retrieve some log metadata and associate them to all my events. Example: When my application starts, I'll get a few lines with what I'm calling metadata here (v...
Hello all, how do I retrieve the values from my search and insert in the same row, extracting the values from the field Services, like:
current search:
<search>
| stats sum(FAIL) as F...
Hello, I have events that look like this (for a user with id 123): 2021-04-29 14:30:45 Notification Received [User Id:123, location:null, location id:null] 2021-04-29 14:30:22 Response Sent for use...
Hello! I am trying to retrieve two events: the latest event where a user leaves a room and the earliest event where a user chooses to go to that room. In the example below I would want to retrieve t...
...ant the new field where all events after " aaRegistration" and before " aaCalibration" to have "phase_name" = "aaRegistration"
My ultimate goal is to (hopefully) be able to retrieve all events b...
My events have a few fields that are of the type:
field_Name=failed
What query should I write to get all that fields names? something that would mean any_field="failed" and retrieve me the n...
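One general way to get "the names of whichever fields hold the value failed" in SPL is a `foreach` over a field wildcard, as in this added example (not code from the question above; the index, sourcetype and the `field_*` naming are assumptions that should be adjusted to the real data):

```spl
index=app sourcetype=myapp
| foreach field_*
    [ eval failed_fields = if('<<FIELD>>'="failed",
                              mvappend(failed_fields, "<<FIELD>>"),
                              failed_fields) ]
| where isnotnull(failed_fields)
| table _time failed_fields
```

`foreach field_*` runs the bracketed `eval` once per field matching the wildcard, with `<<FIELD>>` substituted by the field name; `mvappend` skips a null first argument, so the multivalue list starts cleanly on the first match. Use `foreach *` to check every field rather than only the `field_*` prefix, and `<<MATCHSTR>>` instead of `<<FIELD>>` if only the part after the prefix (for example `Name`) is wanted. Appending `| stats count by failed_fields` after the `where` gives a count per failing field name.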