About hperez

hperez · ‎08-09-2023

I wasn't aware of this capability. Thank you. I'll take a look and see if I can implement it.

hperez · ‎08-08-2023

Hello, I'm creating a visualization and attempting to show the total amount of events, and break them down by a specific field. So my initial search would be something like the search below, where I just count all the events for a specific sourcetype. index=foo sourcetype=bar | stats count as "Total Events for Security Control" The other searches would filter these by evaluating a third field and counting the ones that are true for the condition and the ones that are not. index=foo sourcetype=bar baz="Blocked" | stats count as "Total Blocked" index=foo sourcetype=bar baz!="Blocked" | stats count as "Total Blocked" The issue that I'm seeing is that for one of my sourcetype, the total number of events is not equal to the sum of the breakdown searches. Any idea as to why this might be happening?

hperez · ‎11-23-2022

Hello, Where can I view notable alert suppression entries in ES? I'm looking for a way to not only audit these entries but also remove them.

hperez · ‎04-05-2021

I created a correlation search with only two pipes, table and rename. I added inline table to the email notification but it is not showing. I have another alert for which this works with a similar search. The only difference is another user created it. Is there any role dependency to do this? Not sure what else could cause this.

Posts	4
Solutions	0
Karma Given	2
Karma Received	0
Member Since	‎04-05-2021

Online Status	Offline
Date Last Visited	‎08-09-2023 01:22 PM

Why are Total events not matching with breakdown s...

Where can I view created notable alert suppression...

Inline table not showing in Correlation Search Ema...

Re: Why are Total events not matching with breakdo...

Why are Total events not matching with breakdown s...

Where can I view created notable alert suppression...

Inline table not showing in Correlation Search Ema...