Could someone please show the difference between nomv and mvcombine with some examples? What I have seen is that both work exactly the same way and the delim parameter in mvcombine doesn't work as e...
I have a multi-valued field that I'm trying to collapse down to a single value but the nomv command adds a whitespace character between the individual values of the field. This is a Base64 encoded s...
Is it possible to use the commands like makemv or nomv in data models? I am using regular expressions while building the datamodel for extracting some of the fields. One of the fields is a comma s...
I have a field called environment which has values like dev,prod,uat,sit. Now I want to create a new_field which has all the field values of the environment field. Example: (4 field values) environ...
...otential policy with any ports enabled. Second, find out which of these policies were allowing or teardowning request coming from public IP addresses. For this I came up with this query which does t...
I'm trying to add the hostnames that result from a search to the email subject of an alert but currently I'm only able to have 1 hostname in the subject when I use $result.host$. For example if the s...
Hi, I have a query like below which would return a list of host names. index=osmetrics flock=xxx source=ps PID=1 | lookup xxx.csv host | stats latest(ELAPSED) as last_reboot by host | eval...