I have the events getting ingested as below:
Now, I want to create one lookup CSV named 'PatchDate' which contains columns with values
Now, I want to implement two pieces of logic:
1. For each event received, generate the MAXAGE value to be used.
IF <hostname> == Host ]
Use the MaxAge value.
Use the MaxAge value for ( Host == “default” )
Calculate the DAYSSINCECHANGE for the
Generate current TimeStamp => (need to write a rex command as field is not extracted)
Calculate Difference between and for event => DIFFERENCE
IF DIFFERENCE > 30
THEN It will throw alert.
Kindly help me to build the query.