Would anyone know how to look up the name of a person who owns a notable event using the owner field? This is my search so far:
index=notable uc42a
| table _time, c_time, dest_subnet_name, dest_mac, dest_ip, dest_hostname
| convert timeformat="%m-%d-%Y %l:%M %p" ctime(_time) AS c_time
| dedup dest_mac
I want to add the assigned owner of the notable UCs. I tried to add notable_owner into the table, but that didn't work. I know that the owner field is metadata, so how can I add that to my search?