About JJ_Yam

JJ_Yam · ‎10-27-2022

Thank you for this answer! I had this exact issue where my ServiceNow Event Integration didn't work and the _internal index kept showing the "User does not have permissions" signature. Adding the "list_storage_passwords" capability works!

JJ_Yam · ‎10-25-2022

Apologies, I just realized the duration field exists. Thank you!

JJ_Yam · ‎10-25-2022

Hey, thanks for the answer! However, the line: | eval logout_time=strftime(_time+duration, "%Y-%m-%d %H:%M:%S") Doesn't work for my case as the logs do not include a duration field. Instead, there are 2 _time values, 1 for login time, and 1 for logout time. Do you know how I could turn these 2 values into separate columns - login_time and logout_time, as shown in the question?

JJ_Yam · ‎10-25-2022

Title may be a bit confusing, so here's an example of what I'm trying to achieve: I want to convert a table that looks like this: _time user action 2022-01-01 10:00:00 user_1 login 2022-01-01 10:00:10 user_2 login 2022-01-01 11:30:20 user_1 logout 2022-01-01 11:40:00 user_1 login 2022-01-01 12:00:00 user_1 logout 2022-01-01 12:01:00 user_2 logout Into this: user login_time logout_time user_1 2022-01-01 10:00:00 2022-01-01 11:30:20 user_2 2022-01-01 10:00:10 2022-01-01 12:01:00 user_1 2022-01-01 11:40:00 2022-01-01 12:00:00

Posts	4
Solutions	0
Karma Given	4
Karma Received	0
Member Since	‎10-25-2022

Online Status	Offline
Date Last Visited	‎12-02-2022 02:39 AM

How to combine rows in groups of 2, grouped by nea...

Re: Splunk Add-on for Demisto only sends as admin

Re: How to combine rows in groups of 2, grouped by...

Re: How to combine rows in groups of 2, grouped by...

How to combine rows in groups of 2, grouped by nea...