index=_audit action=alert_fired ss_app="Threats_App" | eval ttl=expiration-now() | search ttl>0 | sort - trigger_time | convert ctime(trigger_time) | table trigger_time ss_name severity | rename trigger_time as "Alert Time", ss_name as "Alert Name", severity as "Severity"

I created a dashboard with a panel containing the above query. It looks for triggered alerts from my app. I want to display the results (stats) of the triggered alerts in a different panel below it in the same dashboard, so it is like "here are the alerts fired, and when you click the alert name, it shows the stats (results) of that alert. Implementing this, I can see multiple alerts and the results of those alerts in the same dashboard." I do not want to install additional apps, so please help me with this query only. Please do not suggest apps for a simple solution. Thanks
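One way to build the two-panel drilldown described above without any extra app, as an added Simple XML example that is not part of the original post. It relies on the fact that each alert_fired event in _audit carries the sid of the search job that fired the alert, and that the job's result artifact is still on disk while expiration-now() is positive (the ttl check in the query). Clicking a row sets a token from the hidden sid column, and the second panel loads that job's results with loadjob. The dashboard label, panel titles, time range and token names are assumptions; the query is the one from the post, sorted on the numeric trigger_time before it is converted to a display string so the ordering is correct across years.

```xml
<dashboard>
  <label>Threats_App alerts and their results</label>
  <row>
    <panel>
      <title>Alerts fired (result artifacts still available)</title>
      <table>
        <search>
          <query>index=_audit action=alert_fired ss_app="Threats_App"
| eval ttl=expiration-now()
| search ttl>0
| sort - trigger_time
| convert ctime(trigger_time)
| table trigger_time ss_name severity sid
| rename trigger_time as "Alert Time", ss_name as "Alert Name", severity as "Severity"</query>
          <!-- assumed time range; adjust to taste -->
          <earliest>-7d@d</earliest>
          <latest>now</latest>
        </search>
        <!-- sid is kept in the results for the drilldown but hidden from the table -->
        <fields>["Alert Time","Alert Name","Severity"]</fields>
        <drilldown>
          <!-- assumed token name; $row.sid$ is the hidden sid of the clicked row -->
          <set token="alert_sid">$row.sid$</set>
        </drilldown>
      </table>
    </panel>
  </row>
  <!-- the second row only renders once a row above has been clicked -->
  <row depends="$alert_sid$">
    <panel>
      <title>Results of alert job $alert_sid$</title>
      <table>
        <search>
          <!-- loadjob reads the stored results of the job that fired the alert -->
          <query>| loadjob $alert_sid$</query>
        </search>
      </table>
    </panel>
  </row>
</dashboard>
```

Two caveats a practitioner should check: loadjob only works while the job artifact exists, so the ttl filter in the first panel is what keeps dead links out of the list (raising the alert's result TTL in savedsearches.conf extends the window); and the dashboard viewer needs read access to the alert owner's job artifacts, so a user who is not the alert owner will see an empty second panel unless the saved search is shared with them.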
I am running a search job to view vulnerability results/data. The search runs every week on Saturday evening. I want to dump the results into a lookup file, which should run automatically every Saturday and replace the previous week's report with the new, updated results. (The lookup needs to be the same.) For example, the 20th March 2021 lookup file should be automatically replaced by the results from the 27th March 2021 search. I don't need the old report (20th March) data, since it will be outdated and will consume space on my server.
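A scheduled saved search that ends in outputlookup does exactly this, as an added savedsearches.conf example that is not from the original post. outputlookup overwrites the named CSV on every run (its append option defaults to false), so the file never grows beyond one week's report. The stanza name, index, sourcetype, field names and lookup file name are assumptions; the schedule is Saturday 18:00 in the search head's time zone.

```ini
# Constructed example stanza for savedsearches.conf (added here; not from the post).
# Index, sourcetype, fields and file name are assumptions.
[Weekly Vulnerability Report]
# cron format: minute hour day-of-month month day-of-week (6 = Saturday)
cron_schedule = 0 18 * * 6
enableSched = 1
# search the seven days ending now, so each run covers one scan week
dispatch.earliest_time = -7d@d
dispatch.latest_time = now
# outputlookup replaces vuln_weekly_report.csv in the app's lookups directory on
# every run; override_if_empty=false keeps last week's file if the search returns
# no rows (for example if the scanner feed was down), instead of wiping the lookup.
search = index=vuln sourcetype=vulnerability_scan \
  | stats latest(severity) as severity, latest(_time) as last_seen by host, cve \
  | outputlookup override_if_empty=false vuln_weekly_report.csv
```

Before the first scheduled run, verify the lookup is created in the app context you expect: run the search once by hand from that app and then confirm `| inputlookup vuln_weekly_report.csv` returns rows. The file is written to the app's lookups directory, so disk usage stays at one report's size rather than accumulating weekly copies.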