I have been working on decoding a base64 encoded command using the decrypt2 app. I have successfully decoded the string but facing difficulty excluding or searching and also running stats of decoded field which gives a "p" thing as a result. Examples of | Search NOT: Example of Stats resulted "p": | rex field="process" ".*-(e|E)(n|N)[codemanCODEMAN]{0,12}\ (?<process_enc>[A-Za-z\d+/=]*)?" | decrypt field=process_enc b64 emit('process_decoded') | stats count by process_decoded Could someone please provide guidance on the correct syntax to exclude or search the decoded field using search not or using a lookup and help clarify the "P" thing from stats command? DECRYPT2
... View more