Hi, hope you are doing really well, and thank you for helping me solve my previous issues.

I now learnt how to build up regex queries on my own after your explanations and analysis of the queries you built for me, a huge thank you for that.

I have another issue now, which I hope you would help me get solved.

I have 2 separate queries that I built using Rex. This query captures the log on and log off status of the service.

index=windows_log host=abc-05-hiddencam logged*
| eval "Hidden Cam Monitoring" = Date + " : " + hostname + " " + status + if(isnotnull(user), " " + user, "")

If you'll notice, I've added an if clause to the eval function. The reason is that when trying to eval a field based on a field that doesn't exist in the data, the eval will fail and you'll end up with an empty field.

I run the below 1,2,3 queries on the given datasets to find out which users ran the enable command on which host at what time:
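The null-propagation behaviour behind that if clause, shown on events constructed with makeresults instead of the windows_log index (an added example, not code from the thread); the host name and field names follow the post, the dates and user names are made up, and the coalesce variant is an alternative the thread does not mention:

```spl
| makeresults count=3
| streamstats count AS n
| eval Date="2024-01-15 09:0" . n . ":00",
       hostname="abc-05-hiddencam",
       status=case(n=1, "logged on", n=2, "logged off", n=3, "logged on"),
       user=if(n=3, null(), "user" . n)
| eval naive = Date + " : " + hostname + " " + status + " " + user
| eval "Hidden Cam Monitoring" = Date + " : " + hostname + " " + status + if(isnotnull(user), " " + user, "")
| eval labelled = Date + " : " + hostname + " " + status + " " + coalesce(user, "<no user>")
| table n status user naive "Hidden Cam Monitoring" labelled
```

On the third event, where user is null, the naive field comes out empty while the other two still carry the date, host and status, so a log-off with no user attached is not silently dropped from a monitoring dashboard.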