index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_deny=="*deny*") OR (isnull(sha256_allow_or_deny) AND isnull(md5_allow_or_deny)),"Unauthorized","Authorized") |eval hashes = mvappend(md5,sha256)|join bigfix_computer_id search [|inputlookup asset_lookup] |stats values(computer_name) as Computer_Names,values(Hashes_allow_or_deny) as Authorized/Unauthorized,values(fileName) as FileName by hashes | fields - hashes | stats list(Authorized/Unauthorized) AS Authorized/Unauthorized,list(FileName) AS FileName by Computer_Names | where Computer_Names="$computer_name$"
0.85 command.eval 42 354,676 354,676
0.00 command.fields 22 208,283 208,283
4.22 command.join 25 177,338 162,932
6.37 command.search 21 - 177,338
0.40 command.search.calcfields 10 177,338 177,338
0.16 command.search.fieldalias 10 177,338 177,338
0.10 command.search.filter 10 - -
0.06 command.search.index 21 - -
0.00 command.search.index.usec_1_8 866 - -
0.00 command.search.index.usec_512_4096 5 - -
1.94 command.search.rawdata 10 - -
1.47 command.search.typer 10 177,338 177,338
1.06 command.search.kv 10 - -
0.89 command.search.lookups 10 177,338 177,338
0.03 command.search.tags 10 177,338 177,338
0.00 command.search.summary 21 - -
6.26 command.stats 27 162,932 61
5.39 command.stats.execute_input 25 162,932 -
0.16 command.stats.execute_output 1 - -
0.00 command.table 1 1 2
0.00 command.where 1 61 1
0.00 dispatch.check_disk_usage 2 - -
0.00 dispatch.createdSearchResultInfrastructure 1 - -
0.14 dispatch.evaluate 1 - -
0.08 dispatch.evaluate.search 1 - -
0.06 dispatch.evaluate.join 1 - -
0.00 dispatch.evaluate.eval 2 - -
0.00 dispatch.evaluate.fields 1 - -
0.00 dispatch.evaluate.stats 2 - -
0.00 dispatch.evaluate.table 1 - -
0.00 dispatch.evaluate.where 1 - -
2.20 dispatch.fetch 25 - -
12.14 dispatch.localSearch 1 - -
2.47 dispatch.preview 3 - -
1.98 dispatch.preview.command.stats 3 - 181
0.48 dispatch.preview.stats.execute_output 3 - -
0.00 dispatch.preview.write_results_to_disk 3 - -
0.00 dispatch.preview.command.fields 3 92,022 92,022
0.00 dispatch.preview.command.table 3 3 6
0.00 dispatch.preview.command.where 3 181 3
0.40 dispatch.results_combiner 25 - -
7.21 dispatch.stream.local 21 - -
0.04 dispatch.writeStatus 13 - -
0.04 startup.configuration 1 - -
0.26
... View more