In the Cisco IOS Auditing -> Event Analysis page, the vendor explanations and recommended actions are finding matching events, but the transforming command is showing no results.
The query is as follows (the bolded portion is where the query returns no results):
tstats count AS "Count of Cisco IOS Event" from datamodel=Cisco_IOS_Event where (nodename = Cisco_IOS_Event) groupby "Cisco_IOS_Event.vendor_explanation" prestats=true | stats dedup_splitvals=t count AS "Count of Cisco IOS Event" by "Cisco_IOS_Event.vendor_explanation" | sort limit=250 -"Count of Cisco IOS Event" | fields - _span | rename "Cisco_IOS_Event.vendor_explanation" AS vendor_explanation | fillnull "Count of Cisco IOS Event" | fields vendor_explanation, "Count of Cisco IOS Event"****
Is there something that I need to enable on the supported equipment to help this search run?
BTW: Excellent app.
... View more