the port signatures panel of the port overview dashboard is not working
The search string is:
eventtype=port_scan "Linux 2.6.32 - 3.10" | stats dc(dest_ip) as count by port_signature | where match(port_signature, replace(replace(""Linux 2.6.32 - 3.10"", "\s*OR\s*", "|"), "*", ".*")) | sort - count
The error is:
Error in 'where' command: The expression is malformed. Expected LIKE.
I get the problem just can't work out where to put the LIKE
Anyone?
Kind Regards
Peter
... View more