Hi Experts, I am trying to get number of days between current date and another date being generated by my query and I am using the below code to calculate the same but i am getting blank results. | rex field=current "(?P\d{4}-\d{2}-\d{2})" -->date value fetched from field named "current". output for "date" field is 2018-09-01 | eval days = round((now()-date)/86400,0) | table days. Please suggest where I am wrong. ... View more

Hi, I am trying to find all the events related to a field where value is NULL. For E.g., say a field has multiple values like: abc def mno -- This is NULL value xyz -- This is NULL value pqr. I am trying to search via the below query, but that's not working. Here parent_incident is field name, which contains multiple values including NULL, and I need data related to NULL values only. index=main sourcetype=snow:incident endpoint="https://server.service-now.com/" NOT parent_incident=* Any help would be appreciable. Thanks ... View more

Below is the kind of string i have and I want to extract only date from it. Available string: 2019-02-24T16:05:37.000ZT16:05:37.000Z Desired output: 2019-02-24 Thanks ... View more

We have a dashboard panel which shows overall AV compliance % for windows servers.code is as below. index=dbconnect sourcetype=dbconnect:sql:SCCM_AVCompliance_AllServers | table Name DC OU ResourceID SignatureUpTo1DayOld AntivirusSignatureAge AntivirusSignatureUpdateDateTime AntivirusSignatureVersion | rename Name as host | join host [| inputlookup elixpediadashboardservers.csv | search (host="*") Environment="*" | search "Operating System"=WINDOWS] | append [| inputlookup elixpediadashboardservers.csv | search (host="*") Environment="*" | search "Operating System"=WINDOWS] | dedup host | fillnull AntivirusSignatureAge Value=2 | eval Compliance=if(AntivirusSignatureAge==0 OR AntivirusSignatureAge==1 ,"COMPLIANT","NONCOMPLIANT") | stats count(eval(Compliance=="COMPLIANT")) as compliant, count(eval(Compliance=="NONCOMPLIANT")) as noncompliant, count as total | eval AVUpdateCompliance=round((compliant/total)*100,2) | table AVUpdateCompliance Now customer requirement is to add a filter on top of this panel, which shows last 4 months like January 2019 December 2018 November 2018 October 2018 and this filter has already been created. My query is... How do i pass a month as a token in my query so that, if a user selects November 2018 from dropdown, then the panel should show AV % compliance only for the month of November. Any help would be highly appreciable. Thanks ... View more

_ time is in below format 2019-01-30 07:10:51.191 2019-01-30 07:10:51.190 2019-01-30 07:10:51.189 I need output in below format January 2019 Any help would be highly appreciable... ... View more